Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS1xdmY1LWh2angtd20yN84ABBdF

Moderate EPSS: 0.04116% (0.88123 Percentile) EPSS:
Permalink JSON

Apache Tomcat Request and/or response mix-up

Affected Packages Affected Versions Fixed Versions
maven:org.apache.tomcat:tomcat-coyote >= 11.0.0-M23, < 11.0.0, >= 10.1.27, < 10.1.31, >= 9.0.92, < 9.0.96 11.0.0, 10.1.31, 9.0.96
232 Dependent packages
2,130 Dependent repositories

Affected Version Ranges

All affected versions

9.0.93, 9.0.94, 9.0.95, 10.1.28, 10.1.29, 10.1.30, 11.0.0-M3, 11.0.0-M4, 11.0.0-M5, 11.0.0-M6, 11.0.0-M7, 11.0.0-M9, 11.0.0-M24, 11.0.0-M25, 11.0.0-M26

All unaffected versions

7.0.0, 7.0.2, 7.0.4, 7.0.5, 7.0.6, 7.0.8, 7.0.11, 7.0.12, 7.0.14, 7.0.16, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.37, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.47, 7.0.50, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.59, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.67, 7.0.68, 7.0.69, 7.0.70, 7.0.72, 7.0.73, 7.0.75, 7.0.76, 7.0.77, 7.0.78, 7.0.79, 7.0.81, 7.0.82, 7.0.84, 7.0.85, 7.0.86, 7.0.88, 7.0.90, 7.0.91, 7.0.92, 7.0.93, 7.0.94, 7.0.96, 7.0.99, 7.0.100, 7.0.103, 7.0.104, 7.0.105, 7.0.106, 7.0.107, 7.0.108, 7.0.109, 8.0.1, 8.0.3, 8.0.5, 8.0.8, 8.0.9, 8.0.11, 8.0.12, 8.0.14, 8.0.15, 8.0.17, 8.0.18, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.32, 8.0.33, 8.0.35, 8.0.36, 8.0.37, 8.0.38, 8.0.39, 8.0.41, 8.0.42, 8.0.43, 8.0.44, 8.0.45, 8.0.46, 8.0.47, 8.0.48, 8.0.49, 8.0.50, 8.0.51, 8.0.52, 8.0.53, 8.5.0, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6, 8.5.8, 8.5.9, 8.5.11, 8.5.12, 8.5.13, 8.5.14, 8.5.15, 8.5.16, 8.5.19, 8.5.20, 8.5.21, 8.5.23, 8.5.24, 8.5.27, 8.5.28, 8.5.29, 8.5.30, 8.5.31, 8.5.32, 8.5.33, 8.5.34, 8.5.35, 8.5.37, 8.5.38, 8.5.39, 8.5.40, 8.5.41, 8.5.42, 8.5.43, 8.5.45, 8.5.46, 8.5.47, 8.5.49, 8.5.50, 8.5.51, 8.5.53, 8.5.54, 8.5.55, 8.5.56, 8.5.57, 8.5.58, 8.5.59, 8.5.60, 8.5.61, 8.5.63, 8.5.64, 8.5.65, 8.5.66, 8.5.68, 8.5.69, 8.5.70, 8.5.71, 8.5.72, 8.5.73, 8.5.75, 8.5.76, 8.5.77, 8.5.78, 8.5.79, 8.5.81, 8.5.82, 8.5.83, 8.5.84, 8.5.85, 8.5.86, 8.5.87, 8.5.88, 8.5.89, 8.5.90, 8.5.91, 8.5.92, 8.5.93, 8.5.94, 8.5.95, 8.5.96, 8.5.97, 8.5.98, 8.5.99, 8.5.100, 9.0.1, 9.0.2, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.10, 9.0.11, 9.0.12, 9.0.13, 9.0.14, 9.0.16, 9.0.17, 9.0.19, 9.0.20, 9.0.21, 9.0.22, 9.0.24, 9.0.26, 9.0.27, 9.0.29, 9.0.30, 9.0.31, 9.0.33, 9.0.34, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.48, 9.0.50, 9.0.52, 9.0.53, 9.0.54, 9.0.55, 9.0.56, 9.0.58, 9.0.59, 9.0.60, 9.0.62, 9.0.63, 9.0.64, 9.0.65, 9.0.67, 9.0.68, 9.0.69, 9.0.70, 9.0.71, 9.0.72, 9.0.73, 9.0.74, 9.0.75, 9.0.76, 9.0.78, 9.0.79, 9.0.80, 9.0.81, 9.0.82, 9.0.83, 9.0.84, 9.0.85, 9.0.86, 9.0.87, 9.0.88, 9.0.89, 9.0.90, 9.0.91, 9.0.96, 9.0.97, 9.0.98, 10.0.0, 10.0.2, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.10, 10.0.11, 10.0.12, 10.0.13, 10.0.14, 10.0.16, 10.0.17, 10.0.18, 10.0.20, 10.0.21, 10.0.22, 10.0.23, 10.0.26, 10.0.27, 10.1.0, 10.1.1, 10.1.2, 10.1.4, 10.1.5, 10.1.6, 10.1.7, 10.1.8, 10.1.9, 10.1.10, 10.1.11, 10.1.12, 10.1.13, 10.1.14, 10.1.15, 10.1.16, 10.1.17, 10.1.18, 10.1.19, 10.1.20, 10.1.23, 10.1.24, 10.1.25, 10.1.26, 10.1.31, 10.1.33, 10.1.34, 11.0.0, 11.0.1, 11.0.2
maven:org.apache.tomcat.embed:tomcat-embed-core >= 11.0.0-M23, < 11.0.0, >= 10.1.27, < 10.1.31, >= 9.0.92, < 9.0.96 11.0.0, 10.1.31, 9.0.96
1,044 Dependent packages
14,197 Dependent repositories

Affected Version Ranges

All affected versions

9.0.93, 9.0.94, 9.0.95, 10.1.28, 10.1.29, 10.1.30, 11.0.0-M3, 11.0.0-M4, 11.0.0-M5, 11.0.0-M6, 11.0.0-M7, 11.0.0-M9, 11.0.0-M24, 11.0.0-M25, 11.0.0-M26

All unaffected versions

7.0.0, 7.0.2, 7.0.4, 7.0.5, 7.0.6, 7.0.8, 7.0.11, 7.0.12, 7.0.14, 7.0.16, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.37, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.47, 7.0.50, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.59, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.67, 7.0.68, 7.0.69, 7.0.70, 7.0.72, 7.0.73, 7.0.75, 7.0.76, 7.0.77, 7.0.78, 7.0.79, 7.0.81, 7.0.82, 7.0.84, 7.0.85, 7.0.86, 7.0.88, 7.0.90, 7.0.91, 7.0.92, 7.0.93, 7.0.94, 7.0.96, 7.0.99, 7.0.100, 7.0.103, 7.0.104, 7.0.105, 7.0.106, 7.0.107, 7.0.108, 7.0.109, 8.0.1, 8.0.3, 8.0.5, 8.0.8, 8.0.9, 8.0.11, 8.0.12, 8.0.14, 8.0.15, 8.0.17, 8.0.18, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.32, 8.0.33, 8.0.35, 8.0.36, 8.0.37, 8.0.38, 8.0.39, 8.0.41, 8.0.42, 8.0.43, 8.0.44, 8.0.45, 8.0.46, 8.0.47, 8.0.48, 8.0.49, 8.0.50, 8.0.51, 8.0.52, 8.0.53, 8.5.0, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6, 8.5.8, 8.5.9, 8.5.11, 8.5.12, 8.5.13, 8.5.14, 8.5.15, 8.5.16, 8.5.19, 8.5.20, 8.5.21, 8.5.23, 8.5.24, 8.5.27, 8.5.28, 8.5.29, 8.5.30, 8.5.31, 8.5.32, 8.5.33, 8.5.34, 8.5.35, 8.5.37, 8.5.38, 8.5.39, 8.5.40, 8.5.41, 8.5.42, 8.5.43, 8.5.45, 8.5.46, 8.5.47, 8.5.49, 8.5.50, 8.5.51, 8.5.53, 8.5.54, 8.5.55, 8.5.56, 8.5.57, 8.5.58, 8.5.59, 8.5.60, 8.5.61, 8.5.63, 8.5.64, 8.5.65, 8.5.66, 8.5.68, 8.5.69, 8.5.70, 8.5.71, 8.5.72, 8.5.73, 8.5.75, 8.5.76, 8.5.77, 8.5.78, 8.5.79, 8.5.81, 8.5.82, 8.5.83, 8.5.84, 8.5.85, 8.5.86, 8.5.87, 8.5.88, 8.5.89, 8.5.90, 8.5.91, 8.5.92, 8.5.93, 8.5.94, 8.5.95, 8.5.96, 8.5.97, 8.5.98, 8.5.99, 8.5.100, 9.0.1, 9.0.2, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.10, 9.0.11, 9.0.12, 9.0.13, 9.0.14, 9.0.16, 9.0.17, 9.0.19, 9.0.20, 9.0.21, 9.0.22, 9.0.24, 9.0.26, 9.0.27, 9.0.29, 9.0.30, 9.0.31, 9.0.33, 9.0.34, 9.0.35, 9.0.36, 9.0.37, 9.0.38, 9.0.39, 9.0.40, 9.0.41, 9.0.43, 9.0.44, 9.0.45, 9.0.46, 9.0.48, 9.0.50, 9.0.52, 9.0.53, 9.0.54, 9.0.55, 9.0.56, 9.0.58, 9.0.59, 9.0.60, 9.0.62, 9.0.63, 9.0.64, 9.0.65, 9.0.67, 9.0.68, 9.0.69, 9.0.70, 9.0.71, 9.0.72, 9.0.73, 9.0.74, 9.0.75, 9.0.76, 9.0.78, 9.0.79, 9.0.80, 9.0.81, 9.0.82, 9.0.83, 9.0.84, 9.0.85, 9.0.86, 9.0.87, 9.0.88, 9.0.89, 9.0.90, 9.0.91, 9.0.96, 9.0.97, 10.0.0, 10.0.2, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.10, 10.0.11, 10.0.12, 10.0.13, 10.0.14, 10.0.16, 10.0.17, 10.0.18, 10.0.20, 10.0.21, 10.0.22, 10.0.23, 10.0.26, 10.0.27, 10.1.0, 10.1.1, 10.1.2, 10.1.4, 10.1.5, 10.1.6, 10.1.7, 10.1.8, 10.1.9, 10.1.10, 10.1.11, 10.1.12, 10.1.13, 10.1.14, 10.1.15, 10.1.16, 10.1.17, 10.1.18, 10.1.19, 10.1.20, 10.1.23, 10.1.24, 10.1.25, 10.1.26, 10.1.31, 10.1.33, 11.0.0, 11.0.1

Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users.

This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.

Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.

References:

Identifiers

GHSA-qvf5-hvjx-wm27

CVE-2024-52317

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.04116

EPSS Percentile: 0.88123

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/apache/tomcat

Date and time

Published

8 months ago

Updated

6 months ago

API

JSON