漏洞类别:Web server
漏洞等级: 
漏洞信息
Apache Tomcat is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF).
The vulnerability exists because of refactoring of the HTTP connectors, that was introduced as a result of a regression in the send file processing. If the send file processing i completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M18
Apache Tomcat 8.5.0 to 8.5.12
漏洞危害
Successful exploitation allows remote attackers to obtain sensitive information that may aid in further attacks.
解决方案
Customers are advised to upgrade to Apache Tomcat versions 9.0.0.M19, 8.5.13 or later to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论