Re: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up

riginal Message- >> From: Mark Thomas >> Sent: maanantai 1. maaliskuuta 2021 13.05 >> To: Tomcat Users List >> Cc: annou...@tomcat.apache.org; annou...@apache.org; Tomcat Developers List >> >> Subject: [SECURITY] CVE-2021-25122 Apache Tomcat h2c

Re: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up

Regards, Teemu Kursu -Original Message- From: Mark Thomas Sent: maanantai 1. maaliskuuta 2021 13.05 To: Tomcat Users List Cc: annou...@tomcat.apache.org; annou...@apache.org; Tomcat Developers List Subject: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up CVE-2021-25122 h2c

RE: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up

Sent: maanantai 1. maaliskuuta 2021 13.05 To: Tomcat Users List Cc: annou...@tomcat.apache.org; annou...@apache.org; Tomcat Developers List Subject: [SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up CVE-2021-25122 h2c request mix-up Severity: Important Vendor: The Apache Software

[SECURITY] CVE-2021-25122 Apache Tomcat h2c request mix-up

CVE-2021-25122 h2c request mix-up Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.0 Apache Tomcat 9.0.0.M1 to 9.0.41 Apache Tomcat 8.5.0 to 8.5.61 Description: When responding to new h2c connection requests, Apache Tomcat could dup