Описание
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 10.1.40-1 |
| esm-apps/noble | not-affected | 10.1.16-1ubuntu0.1~esm2 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | not-affected | 10.1.16-1 |
| oracular | not-affected | 10.1.25-1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | DNE | |
| esm-apps/bionic | released | 8.5.39-1ubuntu1~18.04.3+esm5 |
| esm-infra/focal | DNE | |
| esm-infra/xenial | needs-triage | |
| focal | DNE | |
| jammy | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | released | 9.0.70-2ubuntu3 |
| esm-apps/bionic | released | 9.0.16-3ubuntu0.18.04.2+esm4 |
| esm-apps/focal | released | 9.0.31-1ubuntu0.8 |
| esm-apps/jammy | released | 9.0.58-1ubuntu0.1+esm4 |
| esm-apps/noble | released | 9.0.70-2ubuntu0.1+esm2 |
| focal | released | 9.0.31-1ubuntu0.8 |
| jammy | needed | |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
Показывать по
Ссылки на источники
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling vario ...
Уязвимость сервера приложений Apache Tomcat существует из-за неполной очистки временных или вспомогательных ресурсов, позволяющая нарушителю раскрыть защищаемую информацию
EPSS
5.3 Medium
CVSS3