Base Score

HIGH7.5

CVE-2023-34981

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.

VectorNETWORK

Published Bysecurity@apache.org

Published DateJun 21, 2023, 11:15

Affected Versions(4)

org.apache.tomcat.embed:tomcat-embed-core(Maven)

Introduced11.0.0-M5

Fixed11.0.0-M6

LimitN/A

org.apache.tomcat.embed:tomcat-embed-core(Maven)

Introduced10.1.8

Fixed10.1.9

LimitN/A

org.apache.tomcat.embed:tomcat-embed-core(Maven)

Introduced9.0.74

Fixed9.0.75

LimitN/A

org.apache.tomcat:tomcat-coyote(Maven)

Introduced8.5.88

Fixed8.5.89

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.tomcat.embed:tomcat-embed-core(Maven)	11.0.0-M5	11.0.0-M6	N/A
org.apache.tomcat.embed:tomcat-embed-core(Maven)	10.1.8	10.1.9	N/A
org.apache.tomcat.embed:tomcat-embed-core(Maven)	9.0.74	9.0.75	N/A
org.apache.tomcat:tomcat-coyote(Maven)	8.5.88	8.5.89	N/A

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE

References

Base Score

HIGH7.5

Weakness Type (CWE):NVD-CWE-noinfo

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

NONE

Availability (A)

NONE