Severity: important
Affected versions:
- Apache Tomcat 11.0.0-M23 through 11.0.0-M26
- Apache Tomcat 10.1.27 through 10.1.30
- Apache Tomcat 9.0.92 through 9.0.95
Description:
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat.
Incorrect recycling of the request and response used by HTTP/2 requests
could lead to request and/or response mix-up between users.
This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26,
from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.
Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96,
which fixes the issue.
References:
https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs
https://tomcat.apache.org/
https://www.cve.org/CVERecord?id=CVE-2024-52317
