Description
The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Booking Calendar-Appointment Booking-BookIt Security Bypass (2.3.7)
Oracle Database Server CVE-2013-1554 Vulnerability (CVE-2013-1554)
Apache Traffic Server Improper Access Control Vulnerability (CVE-2025-31698)
WordPress Plugin Abandoned Cart Lite for WooCommerce Security Bypass (5.14.2)