CVE-2023-34981 in Communications Instant Messaging Server

Summary (English)

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response. As a result, at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak.


Reserved

08/06/2023

Disclosure

21/06/2023

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

Sources
