CVE-2021-25122

high

Description

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

References

https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cannounce.tomcat.apache.org%3E

http://www.openwall.com/lists/oss-security/2021/03/01/1

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cusers.tomcat.apache.org%3E

https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html

https://security.netapp.com/advisory/ntap-20210409-0002/

https://www.debian.org/security/2021/dsa-4891

Details

Source: MITRE

Published: 2021-03-01

Updated: 2021-07-20

Type: CWE-200

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 8.5.0 to 8.5.61 (inclusive)

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions from 9.0.0 to 9.0.41 (inclusive)

cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone6:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:-:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone7:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone8:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:10.0.0:milestone9:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Tenable Plugins

18 plugins in total.

ID | Name | Product | Family | Severity
151968 | MySQL 8.0.x < 8.0.26 Multiple Vulnerabilities (Jul 2021 CPU) | Nessus | Databases | medium
151116 | RHEL 7 : Red Hat JBoss Web Server 5.5.0 Security release (Moderate) (RHSA-2021:2561) | Nessus | Red Hat Local Security Checks | high
150856 | Apache Tomcat 10.0.0-M1 < 10.0.2 multiple vulnerabilities | Nessus | Web Servers | high
149632 | EulerOS 2.0 SP8 : tomcat (EulerOS-SA-2021-1891) | Nessus | Huawei Local Security Checks | high
148986 | Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Apr 2021 CPU) | Nessus | CGI abuses | critical
148615 | Debian DSA-4891-1 : tomcat9 - security update | Nessus | Debian Local Security Checks | high
148353 | Photon OS 4.0: Apache PHSA-2021-4.0-0007 | Nessus | PhotonOS Local Security Checks | high
148309 | openSUSE Security Update : tomcat (openSUSE-2021-496) | Nessus | SuSE Local Security Checks | high
148132 | Amazon Linux AMI : tomcat8 (ALAS-2021-1491) | Nessus | Amazon Linux Local Security Checks | high
147953 | Photon OS 3.0: Apache PHSA-2021-3.0-0208 | Nessus | PhotonOS Local Security Checks | high
147952 | Photon OS 1.0: Apache PHSA-2021-1.0-0372 | Nessus | PhotonOS Local Security Checks | high
147818 | Photon OS 2.0: Apache PHSA-2021-2.0-0328 | Nessus | PhotonOS Local Security Checks | high
147164 | Apache Tomcat 9.0.0.M1 < 9.0.43 Multiple Vulnerabilities | Nessus | Web Servers | high
112712 | Apache Tomcat 7.0.x < 7.0.108 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high
112711 | Apache Tomcat 8.5.x < 8.5.63 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high
112710 | Apache Tomcat 9.0.0.M1 < 9.0.43 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high
112709 | Apache Tomcat 10.0.0-M1 < 10.0.2 Multiple Vulnerabilities | Web Application Scanning | Component Vulnerability | high
147019 | Apache Tomcat 8.5.0 < 8.5.63 Multiple Vulnerabilities | Nessus | Web Servers | high