VYPR
High severityNVD Advisory· Published Jun 21, 2023· Updated Feb 13, 2025

Apache Tomcat: AJP response header mix-up

CVE-2023-34981

Description

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 11.0.0-M5, < 11.0.0-M611.0.0-M6
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 10.1.8, < 10.1.910.1.9
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 9.0.74, < 9.0.759.0.75
org.apache.tomcat:tomcat-coyoteMaven
>= 8.5.88, < 8.5.898.5.89

Affected products

4

Patches

Vulnerability mechanics

References

15

News mentions

0

No linked articles in our index yet.