Main Vulnerability Database Vulnerabilities #VU67714

Information disclosure in Apache Tomcat - CVE-2021-43980

Published: September 28, 2022

Vulnerability identifier: #VU67714

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-43980

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apache Tomcat

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to incorrect implementation of blocking reads and writes. A remote attacker can trigger a concurrency bug and force client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client.

Remediation

Install updates from vendor's website.

External links

https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3

Information disclosure in Apache Tomcat - CVE-2021-43980

Description

Remediation

External links

Please verify you're human