If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7, 9.0.0.M1 to 9.0.37 or 8.5.0 to 8.5.57 exceeded the agreed maximum number of concurrent streams for a connection (in violation of the HTTP/2 protocol), it was possible that a subsequent request made on that connection could contain HTTP headers - including HTTP/2 pseudo headers - from a previous request rather than the intended headers. This could lead to users seeing responses for unexpected resources.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tomcat | Apache | 8.5.0 (including) | 8.5.0 (including) |
| Tomcat | Apache | 8.5.1 (including) | 8.5.1 (including) |
| Tomcat | Apache | 8.5.2 (including) | 8.5.2 (including) |
| Tomcat | Apache | 8.5.3 (including) | 8.5.3 (including) |
| Tomcat | Apache | 8.5.4 (including) | 8.5.4 (including) |
| Tomcat | Apache | 8.5.5 (including) | 8.5.5 (including) |
| Tomcat | Apache | 8.5.6 (including) | 8.5.6 (including) |
| Tomcat | Apache | 8.5.7 (including) | 8.5.7 (including) |
| Tomcat | Apache | 8.5.8 (including) | 8.5.8 (including) |
| Tomcat | Apache | 8.5.9 (including) | 8.5.9 (including) |
| Tomcat | Apache | 8.5.10 (including) | 8.5.10 (including) |
| Tomcat | Apache | 8.5.11 (including) | 8.5.11 (including) |
| Tomcat | Apache | 8.5.12 (including) | 8.5.12 (including) |
| Tomcat | Apache | 8.5.13 (including) | 8.5.13 (including) |
| Tomcat | Apache | 8.5.14 (including) | 8.5.14 (including) |
| Tomcat | Apache | 8.5.15 (including) | 8.5.15 (including) |
| Tomcat | Apache | 8.5.16 (including) | 8.5.16 (including) |
| Tomcat | Apache | 8.5.17 (including) | 8.5.17 (including) |
| Tomcat | Apache | 8.5.18 (including) | 8.5.18 (including) |
| Tomcat | Apache | 8.5.19 (including) | 8.5.19 (including) |
| Tomcat | Apache | 8.5.20 (including) | 8.5.20 (including) |
| Tomcat | Apache | 8.5.21 (including) | 8.5.21 (including) |
| Tomcat | Apache | 8.5.22 (including) | 8.5.22 (including) |
| Tomcat | Apache | 8.5.23 (including) | 8.5.23 (including) |
| Tomcat | Apache | 8.5.24 (including) | 8.5.24 (including) |
| Tomcat | Apache | 8.5.25 (including) | 8.5.25 (including) |
| Tomcat | Apache | 8.5.26 (including) | 8.5.26 (including) |
| Tomcat | Apache | 8.5.27 (including) | 8.5.27 (including) |
| Tomcat | Apache | 8.5.28 (including) | 8.5.28 (including) |
| Tomcat | Apache | 8.5.29 (including) | 8.5.29 (including) |
| Tomcat | Apache | 8.5.30 (including) | 8.5.30 (including) |
| Tomcat | Apache | 8.5.31 (including) | 8.5.31 (including) |
| Tomcat | Apache | 8.5.32 (including) | 8.5.32 (including) |
| Tomcat | Apache | 8.5.33 (including) | 8.5.33 (including) |
| Tomcat | Apache | 8.5.34 (including) | 8.5.34 (including) |
| Tomcat | Apache | 8.5.35 (including) | 8.5.35 (including) |
| Tomcat | Apache | 8.5.36 (including) | 8.5.36 (including) |
| Tomcat | Apache | 8.5.37 (including) | 8.5.37 (including) |
| Tomcat | Apache | 8.5.38 (including) | 8.5.38 (including) |
| Tomcat | Apache | 8.5.39 (including) | 8.5.39 (including) |
| Tomcat | Apache | 8.5.40 (including) | 8.5.40 (including) |
| Tomcat | Apache | 8.5.41 (including) | 8.5.41 (including) |
| Tomcat | Apache | 8.5.42 (including) | 8.5.42 (including) |
| Tomcat | Apache | 8.5.43 (including) | 8.5.43 (including) |
| Tomcat | Apache | 8.5.44 (including) | 8.5.44 (including) |
| Tomcat | Apache | 8.5.45 (including) | 8.5.45 (including) |
| Tomcat | Apache | 8.5.46 (including) | 8.5.46 (including) |
| Tomcat | Apache | 8.5.47 (including) | 8.5.47 (including) |
| Tomcat | Apache | 8.5.48 (including) | 8.5.48 (including) |
| Tomcat | Apache | 8.5.49 (including) | 8.5.49 (including) |
| Tomcat | Apache | 8.5.50 (including) | 8.5.50 (including) |
| Tomcat | Apache | 8.5.51 (including) | 8.5.51 (including) |
| Tomcat | Apache | 8.5.52 (including) | 8.5.52 (including) |
| Tomcat | Apache | 8.5.53 (including) | 8.5.53 (including) |
| Tomcat | Apache | 8.5.54 (including) | 8.5.54 (including) |
| Tomcat | Apache | 8.5.55 (including) | 8.5.55 (including) |
| Tomcat | Apache | 8.5.56 (including) | 8.5.56 (including) |
| Tomcat | Apache | 8.5.57 (including) | 8.5.57 (including) |
| Tomcat | Apache | 9.0.0-milestone10 (including) | 9.0.0-milestone10 (including) |
| Tomcat | Apache | 9.0.0-milestone11 (including) | 9.0.0-milestone11 (including) |
| Tomcat | Apache | 9.0.0-milestone12 (including) | 9.0.0-milestone12 (including) |
| Tomcat | Apache | 9.0.0-milestone13 (including) | 9.0.0-milestone13 (including) |
| Tomcat | Apache | 9.0.0-milestone14 (including) | 9.0.0-milestone14 (including) |
| Tomcat | Apache | 9.0.0-milestone15 (including) | 9.0.0-milestone15 (including) |
| Tomcat | Apache | 9.0.0-milestone16 (including) | 9.0.0-milestone16 (including) |
| Tomcat | Apache | 9.0.0-milestone17 (including) | 9.0.0-milestone17 (including) |
| Tomcat | Apache | 9.0.0-milestone18 (including) | 9.0.0-milestone18 (including) |
| Tomcat | Apache | 9.0.0-milestone19 (including) | 9.0.0-milestone19 (including) |
| Tomcat | Apache | 9.0.0-milestone20 (including) | 9.0.0-milestone20 (including) |
| Tomcat | Apache | 9.0.0-milestone21 (including) | 9.0.0-milestone21 (including) |
| Tomcat | Apache | 9.0.0-milestone22 (including) | 9.0.0-milestone22 (including) |
| Tomcat | Apache | 9.0.0-milestone23 (including) | 9.0.0-milestone23 (including) |
| Tomcat | Apache | 9.0.0-milestone24 (including) | 9.0.0-milestone24 (including) |
| Tomcat | Apache | 9.0.0-milestone25 (including) | 9.0.0-milestone25 (including) |
| Tomcat | Apache | 9.0.0-milestone26 (including) | 9.0.0-milestone26 (including) |
| Tomcat | Apache | 9.0.0-milestone27 (including) | 9.0.0-milestone27 (including) |
| Tomcat | Apache | 9.0.0-milestone5 (including) | 9.0.0-milestone5 (including) |
| Tomcat | Apache | 9.0.0-milestone6 (including) | 9.0.0-milestone6 (including) |
| Tomcat | Apache | 9.0.0-milestone7 (including) | 9.0.0-milestone7 (including) |
| Tomcat | Apache | 9.0.0-milestone8 (including) | 9.0.0-milestone8 (including) |
| Tomcat | Apache | 9.0.0-milestone9 (including) | 9.0.0-milestone9 (including) |
| Tomcat | Apache | 9.0.1 (including) | 9.0.1 (including) |
| Tomcat | Apache | 9.0.2 (including) | 9.0.2 (including) |
| Tomcat | Apache | 9.0.3 (including) | 9.0.3 (including) |
| Tomcat | Apache | 9.0.4 (including) | 9.0.4 (including) |
| Tomcat | Apache | 9.0.5 (including) | 9.0.5 (including) |
| Tomcat | Apache | 9.0.6 (including) | 9.0.6 (including) |
| Tomcat | Apache | 9.0.7 (including) | 9.0.7 (including) |
| Tomcat | Apache | 9.0.8 (including) | 9.0.8 (including) |
| Tomcat | Apache | 9.0.9 (including) | 9.0.9 (including) |
| Tomcat | Apache | 9.0.10 (including) | 9.0.10 (including) |
| Tomcat | Apache | 9.0.11 (including) | 9.0.11 (including) |
| Tomcat | Apache | 9.0.12 (including) | 9.0.12 (including) |
| Tomcat | Apache | 9.0.13 (including) | 9.0.13 (including) |
| Tomcat | Apache | 9.0.14 (including) | 9.0.14 (including) |
| Tomcat | Apache | 9.0.15 (including) | 9.0.15 (including) |
| Tomcat | Apache | 9.0.16 (including) | 9.0.16 (including) |
| Tomcat | Apache | 9.0.17 (including) | 9.0.17 (including) |
| Tomcat | Apache | 9.0.18 (including) | 9.0.18 (including) |
| Tomcat | Apache | 9.0.19 (including) | 9.0.19 (including) |
| Tomcat | Apache | 9.0.20 (including) | 9.0.20 (including) |
| Tomcat | Apache | 9.0.21 (including) | 9.0.21 (including) |
| Tomcat | Apache | 9.0.22 (including) | 9.0.22 (including) |
| Tomcat | Apache | 9.0.23 (including) | 9.0.23 (including) |
| Tomcat | Apache | 9.0.24 (including) | 9.0.24 (including) |
| Tomcat | Apache | 9.0.25 (including) | 9.0.25 (including) |
| Tomcat | Apache | 9.0.26 (including) | 9.0.26 (including) |
| Tomcat | Apache | 9.0.27 (including) | 9.0.27 (including) |
| Tomcat | Apache | 9.0.28 (including) | 9.0.28 (including) |
| Tomcat | Apache | 9.0.29 (including) | 9.0.29 (including) |
| Tomcat | Apache | 9.0.30 (including) | 9.0.30 (including) |
| Tomcat | Apache | 9.0.31 (including) | 9.0.31 (including) |
| Tomcat | Apache | 9.0.32 (including) | 9.0.32 (including) |
| Tomcat | Apache | 9.0.33 (including) | 9.0.33 (including) |
| Tomcat | Apache | 9.0.34 (including) | 9.0.34 (including) |
| Tomcat | Apache | 9.0.35 (including) | 9.0.35 (including) |
| Tomcat | Apache | 9.0.36 (including) | 9.0.36 (including) |
| Tomcat | Apache | 9.0.37 (including) | 9.0.37 (including) |
| Tomcat | Apache | 10.0.0-milestone1 (including) | 10.0.0-milestone1 (including) |
| Tomcat | Apache | 10.0.0-milestone2 (including) | 10.0.0-milestone2 (including) |
| Tomcat | Apache | 10.0.0-milestone3 (including) | 10.0.0-milestone3 (including) |
| Tomcat | Apache | 10.0.0-milestone4 (including) | 10.0.0-milestone4 (including) |
| Tomcat | Apache | 10.0.0-milestone5 (including) | 10.0.0-milestone5 (including) |
| Tomcat | Apache | 10.0.0-milestone6 (including) | 10.0.0-milestone6 (including) |
| Tomcat | Apache | 10.0.0-milestone7 (including) | 10.0.0-milestone7 (including) |
| Red Hat Fuse 7.10 | RedHat | tomcat | * |
| Red Hat JBoss Web Server 5 | RedHat | tomcat | * |
| Red Hat JBoss Web Server 5.4 on RHEL 7 | RedHat | jws5-tomcat-0:9.0.36-9.redhat_8.1.el7jws | * |
| Red Hat JBoss Web Server 5.4 on RHEL 7 | RedHat | jws5-tomcat-native-0:1.2.25-3.redhat_3.el7jws | * |
| Red Hat JBoss Web Server 5.4 on RHEL 8 | RedHat | jws5-tomcat-0:9.0.36-9.redhat_8.1.el8jws | * |
| Red Hat JBoss Web Server 5.4 on RHEL 8 | RedHat | jws5-tomcat-native-0:1.2.25-3.redhat_3.el8jws | * |
| Red Hat Support for Spring Boot 2.4.9 | RedHat | tomcat | * |
| Tomcat8 | Ubuntu | trusty | * |
| Tomcat9 | Ubuntu | trusty | * |
| Tomcat9 | Ubuntu | upstream | * |