CVE-2023-34981 in Communications Instant Messaging Server
Сводка (Английский)
A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Резервировать
08.06.2023
Раскрытие
21.06.2023
Статус
Подтверждённый
Записи
VulDB provides additional information and datapoints for this CVE: