CVE-2023-34981

Published: Jun 21, 2023

Modified: Feb 13, 2025

PUBLISHED

Description

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.

Vendor	Product	Versions
Apache Software Foundation	Apache Tomcat	affected `11.0.0-M5` affected `10.1.8` affected `9.0.74` affected `8.5.88`

References

https://lists.apache.org/thread/j1ksjh9m9gx1q60rtk1sbzmxhvj5h5qz

vendor-advisory

https://security.netapp.com/advisory/ntap-20230714-0003/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-34981

Description

Affected Products

References