BIT-tomcat-2020-13943

Import Source
https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2020-13943.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-tomcat-2020-13943
Aliases
Published
2024-03-06T11:11:40.396Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.

Database specific
{
    "severity": "Medium"
}
References

Affected packages

Bitnami / tomcat

Package

Name
tomcat
Purl
pkg:bitnami/tomcat

Severity

  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected ranges

Type
SEMVER
Events
Introduced
8.5.0
Last affected
8.5.0
Introduced
8.5.1
Last affected
8.5.1
Introduced
8.5.2
Last affected
8.5.2
Introduced
8.5.3
Last affected
8.5.3
Introduced
8.5.4
Last affected
8.5.4
Introduced
8.5.5
Last affected
8.5.5
Introduced
8.5.6
Last affected
8.5.6
Introduced
8.5.7
Last affected
8.5.7
Introduced
8.5.8
Last affected
8.5.8
Introduced
8.5.9
Last affected
8.5.9
Introduced
8.5.10
Last affected
8.5.10
Introduced
8.5.11
Last affected
8.5.11
Introduced
8.5.12
Last affected
8.5.12
Introduced
8.5.13
Last affected
8.5.13
Introduced
8.5.14
Last affected
8.5.14
Introduced
8.5.15
Last affected
8.5.15
Introduced
8.5.16
Last affected
8.5.16
Introduced
8.5.17
Last affected
8.5.17
Introduced
8.5.18
Last affected
8.5.18
Introduced
8.5.19
Last affected
8.5.19
Introduced
8.5.20
Last affected
8.5.20
Introduced
8.5.21
Last affected
8.5.21
Introduced
8.5.22
Last affected
8.5.22
Introduced
8.5.23
Last affected
8.5.23
Introduced
8.5.24
Last affected
8.5.24
Introduced
8.5.25
Last affected
8.5.25
Introduced
8.5.26
Last affected
8.5.26
Introduced
8.5.27
Last affected
8.5.27
Introduced
8.5.28
Last affected
8.5.28
Introduced
8.5.29
Last affected
8.5.29
Introduced
8.5.30
Last affected
8.5.30
Introduced
8.5.31
Last affected
8.5.31
Introduced
8.5.32
Last affected
8.5.32
Introduced
8.5.33
Last affected
8.5.33
Introduced
8.5.34
Last affected
8.5.34
Introduced
8.5.35
Last affected
8.5.35
Introduced
8.5.36
Last affected
8.5.36
Introduced
8.5.37
Last affected
8.5.37
Introduced
8.5.38
Last affected
8.5.38
Introduced
8.5.39
Last affected
8.5.39
Introduced
8.5.40
Last affected
8.5.40
Introduced
8.5.41
Last affected
8.5.41
Introduced
8.5.42
Last affected
8.5.42
Introduced
8.5.43
Last affected
8.5.43
Introduced
8.5.44
Last affected
8.5.44
Introduced
8.5.45
Last affected
8.5.45
Introduced
8.5.46
Last affected
8.5.46
Introduced
8.5.47
Last affected
8.5.47
Introduced
8.5.48
Last affected
8.5.48
Introduced
8.5.49
Last affected
8.5.49
Introduced
8.5.50
Last affected
8.5.50
Introduced
8.5.51
Last affected
8.5.51
Introduced
8.5.52
Last affected
8.5.52
Introduced
8.5.53
Last affected
8.5.53
Introduced
8.5.54
Last affected
8.5.54
Introduced
8.5.55
Last affected
8.5.55
Introduced
8.5.56
Last affected
8.5.56
Introduced
8.5.57
Last affected
8.5.57
Introduced
9.0.0-milestone10
Last affected
9.0.0-milestone10
Introduced
9.0.0-milestone11
Last affected
9.0.0-milestone11
Introduced
9.0.0-milestone12
Last affected
9.0.0-milestone12
Introduced
9.0.0-milestone13
Last affected
9.0.0-milestone13
Introduced
9.0.0-milestone14
Last affected
9.0.0-milestone14
Introduced
9.0.0-milestone15
Last affected
9.0.0-milestone15
Introduced
9.0.0-milestone16
Last affected
9.0.0-milestone16
Introduced
9.0.0-milestone17
Last affected
9.0.0-milestone17
Introduced
9.0.0-milestone18
Last affected
9.0.0-milestone18
Introduced
9.0.0-milestone19
Last affected
9.0.0-milestone19
Introduced
9.0.0-milestone20
Last affected
9.0.0-milestone20
Introduced
9.0.0-milestone21
Last affected
9.0.0-milestone21
Introduced
9.0.0-milestone22
Last affected
9.0.0-milestone22
Introduced
9.0.0-milestone23
Last affected
9.0.0-milestone23
Introduced
9.0.0-milestone24
Last affected
9.0.0-milestone24
Introduced
9.0.0-milestone25
Last affected
9.0.0-milestone25
Introduced
9.0.0-milestone26
Last affected
9.0.0-milestone26
Introduced
9.0.0-milestone27
Last affected
9.0.0-milestone27
Introduced
9.0.0-milestone5
Last affected
9.0.0-milestone5
Introduced
9.0.0-milestone6
Last affected
9.0.0-milestone6
Introduced
9.0.0-milestone7
Last affected
9.0.0-milestone7
Introduced
9.0.0-milestone8
Last affected
9.0.0-milestone8
Introduced
9.0.0-milestone9
Last affected
9.0.0-milestone9
Introduced
9.0.1
Last affected
9.0.1
Introduced
9.0.2
Last affected
9.0.2
Introduced
9.0.3
Last affected
9.0.3
Introduced
9.0.4
Last affected
9.0.4
Introduced
9.0.5
Last affected
9.0.5
Introduced
9.0.6
Last affected
9.0.6
Introduced
9.0.7
Last affected
9.0.7
Introduced
9.0.8
Last affected
9.0.8
Introduced
9.0.9
Last affected
9.0.9
Introduced
9.0.10
Last affected
9.0.10
Introduced
9.0.11
Last affected
9.0.11
Introduced
9.0.12
Last affected
9.0.12
Introduced
9.0.13
Last affected
9.0.13
Introduced
9.0.14
Last affected
9.0.14
Introduced
9.0.15
Last affected
9.0.15
Introduced
9.0.16
Last affected
9.0.16
Introduced
9.0.17
Last affected
9.0.17
Introduced
9.0.18
Last affected
9.0.18
Introduced
9.0.19
Last affected
9.0.19
Introduced
9.0.20
Last affected
9.0.20
Introduced
9.0.21
Last affected
9.0.21
Introduced
9.0.22
Last affected
9.0.22
Introduced
9.0.23
Last affected
9.0.23
Introduced
9.0.24
Last affected
9.0.24
Introduced
9.0.25
Last affected
9.0.25
Introduced
9.0.26
Last affected
9.0.26
Introduced
9.0.27
Last affected
9.0.27
Introduced
9.0.28
Last affected
9.0.28
Introduced
9.0.29
Last affected
9.0.29
Introduced
9.0.30
Last affected
9.0.30
Introduced
9.0.31
Last affected
9.0.31
Introduced
9.0.32
Last affected
9.0.32
Introduced
9.0.33
Last affected
9.0.33
Introduced
9.0.34
Last affected
9.0.34
Introduced
9.0.35
Last affected
9.0.35
Introduced
9.0.36
Last affected
9.0.36
Introduced
9.0.37
Last affected
9.0.37
Introduced
10.0.0-milestone1
Last affected
10.0.0-milestone1
Introduced
10.0.0-milestone2
Last affected
10.0.0-milestone2
Introduced
10.0.0-milestone3
Last affected
10.0.0-milestone3
Introduced
10.0.0-milestone4
Last affected
10.0.0-milestone4
Introduced
10.0.0-milestone5
Last affected
10.0.0-milestone5
Introduced
10.0.0-milestone6
Last affected
10.0.0-milestone6
Introduced
10.0.0-milestone7
Last affected
10.0.0-milestone7