Description
Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.
Remediation
References
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.debian.org/security/2012/dsa-2401
Related Vulnerabilities
CVE-2020-2146 Vulnerability in maven package fr.edf.jenkins.plugins:mac
CVE-2023-5217 Vulnerability in npm package electron
CVE-2023-37963 Vulnerability in maven package io.jenkins.plugins:benchmark-evaluator
CVE-2021-39234 Vulnerability in maven package org.apache.ozone:ozone-common
CVE-2018-1000601 Vulnerability in maven package org.jenkins-ci.plugins:ssh-credentials