GHSA-fjwp-r6fm-q6qw

Suggest an improvement
Source
https://github.com/advisories/GHSA-fjwp-r6fm-q6qw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-fjwp-r6fm-q6qw/GHSA-fjwp-r6fm-q6qw.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-fjwp-r6fm-q6qw
Aliases
Published
2022-05-14T01:10:15Z
Modified
2024-10-16T02:19:49.489062Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request
Details

An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.

Database specific
{
    "nvd_published_at": "2017-03-14T09:59:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2023-12-08T22:35:57Z"
}
References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.5.7
Fixed
8.5.10

Affected versions

8.*

8.5.8
8.5.9

Database specific

{
    "last_known_affected_version_range": "<= 8.5.9"
}

Maven / org.apache.tomcat:tomcat

Package

Name
org.apache.tomcat:tomcat
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9.0.0.M11
Fixed
9.0.0.M16

Affected versions

9.*

9.0.0.M11
9.0.0.M13
9.0.0.M15

Database specific

{
    "last_known_affected_version_range": "<= 9.0.0.M15"
}