Description
The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to 8.5.15, 8.0.0.RC1 to 8.0.44 and 7.0.41 to 7.0.78 did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.
Remediation
References
Related Vulnerabilities
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Open Redirect (4.4.1)
Apache HTTP Server Other Vulnerability (CVE-2002-1593)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.30)
Joomla! Core Denial of Service (2.5.0 - 3.9.27)
WordPress Plugin Simplified Content Cross-Site Scripting (1.0.0)