cve/2023/CVE-2023-34981.md

### [CVE-2023-34981](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34981)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.0.0-M5%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20loop%20logic&color=brighgreen)

### Description

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-34981](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34981)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tomcat&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%2011.0.0-M5%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Incorrect%20loop%20logic&color=brighgreen)`

			`### Description`

			`A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`