Severity: important
Affected versions:
- Apache Tomcat 9.0.0.M1 through 9.0.106
Description:
Concurrent Execution using Shared Resource with Improper Synchronization
('Race Condition') vulnerability in Apache Tomcat when using the
APR/Native connector. This was particularly noticeable with client
initiated closes of HTTP/2 connections.
This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106.
Users are recommended to upgrade to version 9.0.107, which fixes the issue.
Credit:
Nacl (finder)
12SqweR (finder)
WHOAMI (finder)
yyzmoon (finder)
References:
https://lists.apache.org/thread/gxgh65004f25y8519coth6w7vchww030
https://tomcat.apache.org/
