发布时间: 2024年11月19日
修改时间: 2025年1月4日
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.
| NVD | openEuler | |
|---|---|---|
| CVSS评分 | 6.5 | 6.5 |
| Attack Vector | Network | |
| Attack Complexity | Low | |
| Privileges Required | None | |
| User Interaction | None | |
| Scope | Unchanged | |
| Confidentiality | Low | |
| Integrity | Low | |
| Availability | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2024-4162 | Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue. | 2024年11月23日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | tomcat | Unaffected |
| KY3.5.2 | tomcat | Unaffected |
| KY3.5.3 | tomcat | Unaffected |
| V6 | tomcat | Unaffected |
