0.003 Low
EPSS
Percentile
68.4%
A vulnerability was discovered in Tomcat where the CORS Filter did not send a “Vary: Origin” HTTP header. This potentially allowed sensitive data to be leaked to other visitors through both client-side and server-side caches.
bugzilla.redhat.com/show_bug.cgi?id=1480618
tomcat.apache.org/security-7.html https://tomcat.apache.org/security-8.html