Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.
Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
The product does not properly “clean up” and remove temporary or supporting resources after they have been used.
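
The failure mode described above, as an added illustration that is not Tomcat's code or the project's fix: a pooled object whose cleanup throws midway is handed to the next request with the previous request's data still in it. `PooledRequest`, `releaseFlawed`, `releaseHardened` and the sample values are hypothetical; the hardened variant shows one general pattern (clear remaining state on every path, discard the object if cleanup failed).

```java
import java.util.ArrayDeque;
import java.util.Deque;
public class RecycleDemo {
    static class PooledRequest { // hypothetical pooled object, not a Tomcat class
        String authHeader;
        final StringBuilder body = new StringBuilder();
        boolean failOnBodyReset; // simulates an error raised during cleanup
        void resetBody() {
            if (failOnBodyReset) throw new IllegalStateException("body reset failed");
            body.setLength(0);
        }
    }
    static final Deque<PooledRequest> POOL = new ArrayDeque<>();
    // Flawed: a failure in resetBody() skips the rest of the cleanup,
    // yet the half-cleaned object still goes back into the pool.
    static void releaseFlawed(PooledRequest r) {
        try {
            r.resetBody();
            r.authHeader = null;
        } catch (RuntimeException e) { /* error only logged */ }
        POOL.push(r);
    }

    // Hardened: remaining state is cleared on every path, and an object
    // whose cleanup failed is dropped instead of being reused.
    static void releaseHardened(PooledRequest r) {
        try {
            r.resetBody();
        } catch (RuntimeException e) {
            return; // dirty object is dropped, never pooled
        } finally {
            r.authHeader = null; // runs on every path, including the return above
        }
        POOL.push(r);
    }

    // Request A's object fails cleanup; returns what request B finds in the object it is given.
    static String seenByNextRequest(boolean hardened) {
        PooledRequest a = new PooledRequest();
        a.authHeader = "Bearer user-A-token"; // constructed sample value
        a.body.append("user A form data");    // constructed sample value
        a.failOnBodyReset = true;
        if (hardened) releaseHardened(a); else releaseFlawed(a);
        PooledRequest b = POOL.isEmpty() ? new PooledRequest() : POOL.pop();
        return "auth=" + b.authHeader + " body=" + b.body;
    }
    public static void main(String[] args) {
        System.out.println("flawed:   " + seenByNextRequest(false));
        System.out.println("hardened: " + seenByNextRequest(true));
    }
}
```
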
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tomcat | Apache | 8.5.0 (including) | 8.5.94 (excluding) |
Tomcat | Apache | 9.0.1 (including) | 9.0.81 (excluding) |
Tomcat | Apache | 10.1.1 (including) | 10.1.14 (excluding) |
Tomcat | Apache | 9.0.0-milestone1 (including) | 9.0.0-milestone1 (including) |
Tomcat | Apache | 9.0.0-milestone10 (including) | 9.0.0-milestone10 (including) |
Tomcat | Apache | 9.0.0-milestone11 (including) | 9.0.0-milestone11 (including) |
Tomcat | Apache | 9.0.0-milestone12 (including) | 9.0.0-milestone12 (including) |
Tomcat | Apache | 9.0.0-milestone13 (including) | 9.0.0-milestone13 (including) |
Tomcat | Apache | 9.0.0-milestone14 (including) | 9.0.0-milestone14 (including) |
Tomcat | Apache | 9.0.0-milestone15 (including) | 9.0.0-milestone15 (including) |
Tomcat | Apache | 9.0.0-milestone16 (including) | 9.0.0-milestone16 (including) |
Tomcat | Apache | 9.0.0-milestone17 (including) | 9.0.0-milestone17 (including) |
Tomcat | Apache | 9.0.0-milestone18 (including) | 9.0.0-milestone18 (including) |
Tomcat | Apache | 9.0.0-milestone19 (including) | 9.0.0-milestone19 (including) |
Tomcat | Apache | 9.0.0-milestone2 (including) | 9.0.0-milestone2 (including) |
Tomcat | Apache | 9.0.0-milestone20 (including) | 9.0.0-milestone20 (including) |
Tomcat | Apache | 9.0.0-milestone21 (including) | 9.0.0-milestone21 (including) |
Tomcat | Apache | 9.0.0-milestone22 (including) | 9.0.0-milestone22 (including) |
Tomcat | Apache | 9.0.0-milestone23 (including) | 9.0.0-milestone23 (including) |
Tomcat | Apache | 9.0.0-milestone24 (including) | 9.0.0-milestone24 (including) |
Tomcat | Apache | 9.0.0-milestone25 (including) | 9.0.0-milestone25 (including) |
Tomcat | Apache | 9.0.0-milestone26 (including) | 9.0.0-milestone26 (including) |
Tomcat | Apache | 9.0.0-milestone27 (including) | 9.0.0-milestone27 (including) |
Tomcat | Apache | 9.0.0-milestone3 (including) | 9.0.0-milestone3 (including) |
Tomcat | Apache | 9.0.0-milestone4 (including) | 9.0.0-milestone4 (including) |
Tomcat | Apache | 9.0.0-milestone5 (including) | 9.0.0-milestone5 (including) |
Tomcat | Apache | 9.0.0-milestone6 (including) | 9.0.0-milestone6 (including) |
Tomcat | Apache | 9.0.0-milestone7 (including) | 9.0.0-milestone7 (including) |
Tomcat | Apache | 9.0.0-milestone8 (including) | 9.0.0-milestone8 (including) |
Tomcat | Apache | 9.0.0-milestone9 (including) | 9.0.0-milestone9 (including) |
Tomcat | Apache | 10.1.0-milestone1 (including) | 10.1.0-milestone1 (including) |
Tomcat | Apache | 10.1.0-milestone10 (including) | 10.1.0-milestone10 (including) |
Tomcat | Apache | 10.1.0-milestone11 (including) | 10.1.0-milestone11 (including) |
Tomcat | Apache | 10.1.0-milestone12 (including) | 10.1.0-milestone12 (including) |
Tomcat | Apache | 10.1.0-milestone13 (including) | 10.1.0-milestone13 (including) |
Tomcat | Apache | 10.1.0-milestone14 (including) | 10.1.0-milestone14 (including) |
Tomcat | Apache | 10.1.0-milestone15 (including) | 10.1.0-milestone15 (including) |
Tomcat | Apache | 10.1.0-milestone16 (including) | 10.1.0-milestone16 (including) |
Tomcat | Apache | 10.1.0-milestone17 (including) | 10.1.0-milestone17 (including) |
Tomcat | Apache | 10.1.0-milestone18 (including) | 10.1.0-milestone18 (including) |
Tomcat | Apache | 10.1.0-milestone19 (including) | 10.1.0-milestone19 (including) |
Tomcat | Apache | 10.1.0-milestone2 (including) | 10.1.0-milestone2 (including) |
Tomcat | Apache | 10.1.0-milestone20 (including) | 10.1.0-milestone20 (including) |
Tomcat | Apache | 10.1.0-milestone3 (including) | 10.1.0-milestone3 (including) |
Tomcat | Apache | 10.1.0-milestone4 (including) | 10.1.0-milestone4 (including) |
Tomcat | Apache | 10.1.0-milestone5 (including) | 10.1.0-milestone5 (including) |
Tomcat | Apache | 10.1.0-milestone6 (including) | 10.1.0-milestone6 (including) |
Tomcat | Apache | 10.1.0-milestone7 (including) | 10.1.0-milestone7 (including) |
Tomcat | Apache | 10.1.0-milestone8 (including) | 10.1.0-milestone8 (including) |
Tomcat | Apache | 10.1.0-milestone9 (including) | 10.1.0-milestone9 (including) |
Tomcat | Apache | 11.0.0-milestone1 (including) | 11.0.0-milestone1 (including) |
Tomcat | Apache | 11.0.0-milestone10 (including) | 11.0.0-milestone10 (including) |
Tomcat | Apache | 11.0.0-milestone11 (including) | 11.0.0-milestone11 (including) |
Tomcat | Apache | 11.0.0-milestone2 (including) | 11.0.0-milestone2 (including) |
Tomcat | Apache | 11.0.0-milestone3 (including) | 11.0.0-milestone3 (including) |
Tomcat | Apache | 11.0.0-milestone4 (including) | 11.0.0-milestone4 (including) |
Tomcat | Apache | 11.0.0-milestone5 (including) | 11.0.0-milestone5 (including) |
Tomcat | Apache | 11.0.0-milestone6 (including) | 11.0.0-milestone6 (including) |
Tomcat | Apache | 11.0.0-milestone7 (including) | 11.0.0-milestone7 (including) |
Tomcat | Apache | 11.0.0-milestone8 (including) | 11.0.0-milestone8 (including) |
Tomcat | Apache | 11.0.0-milestone9 (including) | 11.0.0-milestone9 (including) |