VDB

GCVE-VVD-MAGEIA-2021-357

GCVE-VVD-MAGEIA-2021-357
Advisory Published
Vulnetix · Advisory published July 20, 2021
When responding to new h2c connection requests, Apache Tomcat versions 9.0.0.M1 to 9.0.41 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request (CVE-2021-25122). The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 9.0.0.M1 to 9.0.41 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494 (CVE-2021-25329).
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageiatomcat0 (affected), 9.0.41-1.2.mga8 (unaffected)

References

Updated tomcat packages fix security vulnerabilities
advisory
Updated tomcat packages fix security vulnerabilities
issue
Updated tomcat packages fix security vulnerabilities
issue
Updated tomcat packages fix security vulnerabilities
issue
Updated tomcat packages fix security vulnerabilities
issue
Updated tomcat packages fix security vulnerabilities
issue
Updated tomcat packages fix security vulnerabilities
advisory

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›