If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
{ "cpes": [ "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.38:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.39:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.40:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.41:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.42:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.43:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.44:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.45:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.46:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.47:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.48:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.49:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.50:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.51:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.52:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.53:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.54:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.55:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.56:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.57:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.15:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.16:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.17:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.18:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.19:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.20:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.21:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.22:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.23:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.24:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.25:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.26:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.27:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.29:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.30:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.31:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.32:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.33:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.34:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.35:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.36:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.37:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:apache:tomcat:9.0.9:*:*:*:*:*:*:*" ], "severity": "Medium" }