Lucene search
ApacheCVELIST:CVE-2021-43980HistorySep 28, 2022 - 12:00 a.m.
CVE-2021-43980 Apache Tomcat: Information disclosure
2022-09-2800:00:00
CWE-362
apache
www.cve.org
The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.
CNA Affected
[
{
"vendor": "Apache Software Foundation",
"product": "Apache Tomcat",
"versions": [
{
"version": "10.1.0-M1 to 10.1.0-M12",
"status": "affected"
},
{
"version": "10.0.0-M1 to 10.0.18",
"status": "affected"
},
{
"version": "9.0.0-M1 to 9.0.60",
"status": "affected"
},
{
"version": "8.5.0 to 8.5.77",
"status": "affected"
}
]
}
]Related
redhatcve
redhatcve
CVE-2021-43980
2022-09-28 15:18:54
osv
osv
CVE-2021-43980
2022-09-28 14:15:09
Apache Tomcat Race Condition vulnerability
2022-09-29 00:00:25
BIT-tomcat-2021-43980
2024-03-06 11:09:43
nessus
nessus
RHEL 9 : apache_tomcat (Unpatched Vulnerability)
2024-05-11 00:00:00
SUSE SLES12 Security Update : tomcat (SUSE-SU-2022:4009-1)
2022-11-17 00:00:00
RHEL 8 : apache_tomcat (Unpatched Vulnerability)
2024-05-11 00:00:00
github
github
Apache Tomcat Race Condition vulnerability
2022-09-29 00:00:25
openvas
openvas
Apache Tomcat Information Disclosure Vulnerability (Sep 2022) - Windows
2022-09-29 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4009-1)
2022-11-17 00:00:00
Apache Tomcat Information Disclosure Vulnerability (Sep 2022) - Linux
2022-09-29 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 9.0.62
2022-04-01 00:00:00
Fixed in Apache Tomcat 10.1.0-M14
2022-04-01 00:00:00
Fixed in Apache Tomcat 8.5.78
2022-04-01 00:00:00
prion
prion
Design/Logic Flaw
2022-09-28 14:15:00
ubuntucve
ubuntucve
CVE-2021-43980
2022-09-28 00:00:00
veracode
veracode
Information Disclosure
2022-10-03 08:39:35
kaspersky
kaspersky
KLA19263 OSI vulnerability in Apache Tomcat
2022-04-01 00:00:00
debiancve
debiancve
CVE-2021-43980
2022-09-28 14:15:09
ibm
ibm
nvd
nvd
CVE-2021-43980
2022-09-28 14:15:09
f5
f5
K41102235 : Tomcat vulnerability CVE-2021-43980
2022-10-18 00:00:00
cve
cve
CVE-2021-43980
2022-09-28 14:15:09
amazon
amazon
Important: tomcat8
2023-04-13 19:01:00
redhat
redhat
debian
debian
[SECURITY] [DLA 3160-1] tomcat9 security update
2022-10-26 12:16:26
[SECURITY] [DSA 5265-1] tomcat9 security update
2022-10-29 21:59:51
mageia
mageia
Updated tomcat packages fix security vulnerability
2023-04-15 22:03:44
rosalinux
rosalinux
Advisory ROSA-SA-2023-2258
2023-10-21 16:49:43