Vulnerability Database
289,571
Total vulnerabilities in the database
CVE-2023-34981
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
| Software | From | Fixed in |
|---|---|---|
org.apache.tomcat / tomcat
|
11.0.0-M5 | 11.0.0-m5.x |
|
org.apache.tomcat / tomcat
|
11.0.0-M5 | 11.0.0-M6 |
|
org.apache.tomcat / tomcat
|
10.1.8 | 10.1.8.x |
|
org.apache.tomcat / tomcat
|
10.1.8 | 10.1.9 |
|
org.apache.tomcat / tomcat
|
9.0.74 | 9.0.74.x |
|
org.apache.tomcat / tomcat
|
9.0.74 | 9.0.75 |
|
org.apache.tomcat / tomcat
|
8.5.88 | 8.5.88.x |
|
org.apache.tomcat / tomcat
|
8.5.88 | 8.5.89 |
| apache / tomcat | 10.1.8 | 10.1.8.x |
| apache / tomcat | 9.0.74 | 9.0.74.x |
| apache / tomcat | 8.5.88 | 8.5.88.x |
| apache / tomcat | 11.0.0-milestone5 | 11.0.0-milestone5.x |
- https://bz.apache.org/bugzilla/show_bug.cgi?id=66512
- https://bz.apache.org/bugzilla/show_bug.cgi?id=66591
- https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz
- https://security.netapp.com/advisory/ntap-20230714-0003
- https://security.netapp.com/advisory/ntap-20230714-0003/
- https://tomcat.apache.org/security-10.html
- https://tomcat.apache.org/security-11.html
- https://tomcat.apache.org/security-8.html
- https://tomcat.apache.org/security-9.html