admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/25xxx/CVE-2021-25122.json
CVE Team f70474adeb
"-Synchronized-Data."
2022-08-21 05:00:41 +00:00

157 lines
7.2 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2021-25122",
"STATE": "PUBLIC",
"TITLE": "Apache Tomcat h2c request mix-up"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Apache Tomcat 10",
"version_value": "10.0.2"
},
{
"version_affected": "<",
"version_name": "Apache Tomcat 9",
"version_value": "9.0.42"
},
{
"version_affected": "<",
"version_name": "Apache Tomcat 8.5",
"version_value": "8.5.62"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E",
"name": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cusers.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
"url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[announce] 20210301 [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"url": "https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7@%3Cannounce.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210301 CVE-2021-25122: Apache Tomcat h2c request mix-up",
"url": "http://www.openwall.com/lists/oss-security/2021/03/01/1"
},
{
"refsource": "MLIST",
"name": "[tomcat-users] 20210305 RE: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"url": "https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b@%3Cusers.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[tomcat-users] 20210305 Re: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up",
"url": "https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947@%3Cusers.tomcat.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210316 [SECURITY] [DLA 2596-1] tomcat8 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html"
},
{
"refsource": "DEBIAN",
"name": "DSA-4891",
"url": "https://www.debian.org/security/2021/dsa-4891"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210409-0002/",
"url": "https://security.netapp.com/advisory/ntap-20210409-0002/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"refsource": "GENTOO",
"name": "GLSA-202208-34",
"url": "https://security.gentoo.org/glsa/202208-34"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
Reference in New Issue View Git Blame Copy Permalink