Test ID: | 1.3.6.1.4.1.25623.1.0.148785 |
Category: | Web Servers |
Title: | Apache Tomcat Information Disclosure Vulnerability (Sep 2022) - Linux |
Summary: | Apache Tomcat is prone to an information disclosure vulnerability. |
Description: |
Summary: Apache Tomcat is prone to an information disclosure vulnerability.
Vulnerability Insight: The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
Affected Software/OS: Apache Tomcat version 8.5.0 through 8.5.77, 9.0.0-M1 through 9.0.60, 10.0.0-M1 through 10.0.18 and 10.1.0-M1 through 10.1.0-M12.
Solution: Update to version 8.5.78, 9.0.62, 10.0.20, 10.1.0-M14 or later.
CVSS Score: 2.6
CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-43980
Debian Security Information: DSA-5265
https://www.debian.org/security/2022/dsa-5265
https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3
https://lists.debian.org/debian-lts-announce/2022/10/msg00029.html
http://www.openwall.com/lists/oss-security/2022/09/28/1 |
Copyright | Copyright (C) 2022 Greenbone Networks GmbH |