Security Alert (A21-03-03): Multiple Vulnerabilities in Apache Tomcat
03 March 2021
The Apache Software Foundation has released a security advisory to address multiple vulnerabilities in Apache Tomcat. A remote attacker could exploit a previously incomplete fix by sending a specially crafted request. In certain circumstances, responses to h2c connection requests could be mixed up, allowing a user to see the results of other users’ requests.
Apache Tomcat 10.0.0.M1 to 10.0.0
Apache Tomcat 9.0.0.M1 to 9.0.41
Apache Tomcat 8.5.0 to 8.5.61
Apache Tomcat 7.0.0 to 7.0.107
Successful exploitation of the vulnerabilities could lead to information disclosure or arbitrary code execution on an affected system.
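An added example (not part of the original alert or of Apache's advisory): a Python check of recorded Tomcat version strings against the affected ranges listed above, treating milestone builds such as 10.0.0-M9 as earlier than the final release of the same number. The `Apache Tomcat/x.y.z` banner format of the inventory lines, the host names and the function names are assumptions.

```python
import re

# Affected ranges exactly as listed in this alert (both ends inclusive).
AFFECTED = [
    ("10.0.0.M1", "10.0.0"),
    ("9.0.0.M1", "9.0.41"),
    ("8.5.0", "8.5.61"),
    ("7.0.0", "7.0.107"),
]

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?")
_RELEASE = 10**6  # ranks a final release after every milestone of the same number

def parse(text):
    """Return a sortable key for the first Tomcat version found in text, or None."""
    m = _VERSION.search(text)
    if not m:
        return None
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch), int(milestone) if milestone else _RELEASE)

def is_affected(text):
    """True or False when a version was parsed; None when no version is present."""
    key = parse(text)
    if key is None:
        return None
    return any(parse(lo) <= key <= parse(hi) for lo, hi in AFFECTED)

# Constructed inventory lines: hypothetical host name, then the recorded banner.
SAMPLE_INVENTORY = """\
app01 Apache Tomcat/9.0.41
app02 Apache Tomcat/9.0.43
app03 Apache Tomcat/10.0.0-M9
app04 Apache Tomcat/8.5.63
app05 Apache Tomcat/7.0.107
app06 Apache Tomcat
"""

def triage(inventory):
    """Map each host to 'affected', 'not in listed ranges' or 'unknown'."""
    labels = {True: "affected", False: "not in listed ranges", None: "unknown"}
    rows = (line.partition(" ") for line in inventory.splitlines() if line.strip())
    return {host: labels[is_affected(banner)] for host, _, banner in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" have a banner with no version number and need a manual check rather than being counted as unaffected.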
Apache Software Foundation has released new versions of the products to address the issue and they can be downloaded at the following URLs: