Effective URL: https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793

INFORMATION EXPOSURE AFFECTING ORG.APACHE.TOMCAT.EMBED:TOMCAT-EMBED-CORE
PACKAGE, VERSIONS [8.5.0,8.5.78) [9.0.0-M1,9.0.62) [10.0.0-M1,10.0.20)
[10.1.0-M1,10.1.0-M14)

--------------------------------------------------------------------------------

SEVERITY

3.7 low (recommended score; CVSS assessment made by Snyk's security team)


THREAT INTELLIGENCE

EPSS: 0.2% (59th percentile)

 * Snyk ID SNYK-JAVA-ORGAPACHETOMCATEMBED-3035793
 * published 29 Sep 2022
 * disclosed 27 Sep 2022
 * credit Adam Thomas, Richard Hernandez, Ryan Schmitt
 * introduced 27 Sep 2022
 * CVE-2021-43980
 * CWE-200



HOW TO FIX?

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.78, 9.0.62,
10.0.20, 10.1.0-M14 or higher.
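As an added triage example (not Snyk's or Apache Tomcat's code, and not part of the original page): a Python script that finds org.apache.tomcat.embed:tomcat-embed-core in `mvn dependency:tree` output, tests each resolved version against the affected ranges from the heading above, and reports the first fixed release in that branch. The version comparison is written only for Tomcat's own X.Y.Z and X.Y.Z-Mn milestone scheme; the coordinate names and ranges come from this page, while the sample dependency tree is constructed for illustration, not captured from a real build.

```python
"""Check tomcat-embed-core versions from `mvn dependency:tree` output against the
affected ranges on this advisory (CVE-2021-43980):
[8.5.0,8.5.78) [9.0.0-M1,9.0.62) [10.0.0-M1,10.0.20) [10.1.0-M1,10.1.0-M14)."""
import re
from typing import List, Optional, Tuple

GROUP_ARTIFACT = "org.apache.tomcat.embed:tomcat-embed-core"

# (inclusive lower bound, exclusive upper bound); the upper bound is the first fixed release.
AFFECTED_RANGES = [
    ("8.5.0", "8.5.78"),
    ("9.0.0-M1", "9.0.62"),
    ("10.0.0-M1", "10.0.20"),
    ("10.1.0-M1", "10.1.0-M14"),
]

# Tomcat releases are X.Y.Z; pre-release milestones are written X.Y.Z-Mn.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")

VersionKey = Tuple[int, int, int, int, int]


def parse_version(version: str) -> VersionKey:
    """Sort key for a Tomcat version. A milestone X.Y.Z-Mn orders before the
    final X.Y.Z, so the key is (major, minor, patch, is_final, milestone)."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"not a Tomcat-style version: {version!r}")
    major, minor, patch, milestone = match.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def fixed_version_for(version: str) -> Optional[str]:
    """First fixed release in the same branch if `version` is affected, else None
    (already fixed, or in a branch this advisory does not list)."""
    key = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if parse_version(lower) <= key < parse_version(upper):
            return upper
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


# One Maven coordinate as printed by dependency:tree:
# group:artifact[:type[:classifier]]:version[:scope]; type/classifier start with a
# letter and the version with a digit, which keeps the split unambiguous.
_COORD_RE = re.compile(
    r"([A-Za-z0-9_.\-]+):([A-Za-z0-9_.\-]+)(?::[A-Za-z_][A-Za-z0-9_.\-]*)*:(\d[^:\s]*)"
)


def find_in_dependency_tree(tree_text: str) -> List[Tuple[str, Optional[bool], Optional[str]]]:
    """Return (version, affected, fixed_version) for every tomcat-embed-core line.
    `affected` is None when the version is not in Tomcat's X.Y.Z[-Mn] form (for
    example a vendor rebuild), which has to be checked against the vendor's advisory."""
    findings = []
    for line in tree_text.splitlines():
        for match in _COORD_RE.finditer(line):
            group, artifact, version = match.groups()
            if f"{group}:{artifact}" != GROUP_ARTIFACT:
                continue
            try:
                fixed = fixed_version_for(version)
            except ValueError:
                findings.append((version, None, None))
            else:
                findings.append((version, fixed is not None, fixed))
    return findings


# Constructed sample of `mvn dependency:tree` output; not taken from any real project.
SAMPLE_TREE = """\
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] +- org.springframework.boot:spring-boot-starter-web:jar:2.6.5:compile
[INFO] |  +- org.springframework.boot:spring-boot-starter-tomcat:jar:2.6.5:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-core:jar:9.0.60:compile
[INFO] |  |  +- org.apache.tomcat.embed:tomcat-embed-el:jar:9.0.60:compile
[INFO] |  |  \\- org.apache.tomcat.embed:tomcat-embed-websocket:jar:9.0.60:compile
"""

if __name__ == "__main__":
    for version, affected, fixed in find_in_dependency_tree(SAMPLE_TREE):
        if affected is None:
            status = "unrecognised version scheme, review manually"
        elif affected:
            status = f"affected, upgrade to {fixed}"
        else:
            status = "not affected"
        print(f"{GROUP_ARTIFACT}:{version} -> {status}")
```

To use it on a real project, feed the script the actual `mvn dependency:tree` output in place of SAMPLE_TREE. In Spring Boot projects the Tomcat version is normally set by the spring-boot-dependencies BOM, so the upgrade belongs in the `tomcat.version` property (or in moving to a Spring Boot release that ships a fixed Tomcat) rather than in a direct declaration of tomcat-embed-core; re-run the tree afterwards to confirm the resolved version actually changed. Versions the checker reports as unrecognised (vendor rebuilds with a suffix) should be compared against that vendor's own advisory, such as the Red Hat entry listed under References.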


OVERVIEW

org.apache.tomcat.embed:tomcat-embed-core is the core Apache Tomcat implementation packaged for embedding; it is the artifact pulled in transitively by, for example, Spring Boot's spring-boot-starter-tomcat.

Affected versions of this package are vulnerable to Information Exposure due to a concurrency bug that could cause client connections to share an Http11Processor instance, resulting in responses, or parts of responses, being received by the wrong client. Because the misdirected data is another client's response, the impact depends on what the application serves; the low CVSS score reflects the High attack complexity of a race condition, not the sensitivity of the data that can leak.


REFERENCES

 * Apache Thread
 * GitHub Commit
 * RedHat Bugzilla Bug


CVSS SCORES

version 3.1

SNYK

3.7 low (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
 * Attack Vector (AV): Network
 * Attack Complexity (AC): High
 * Privileges Required (PR): None
 * User Interaction (UI): None
 * Scope (S): Unchanged
 * Confidentiality (C): Low
 * Integrity (I): None
 * Availability (A): None

NVD

3.7 low

SUSE

5.9 medium

RED HAT

3.7 low


© 2024 Snyk Limited

Registered in England and Wales. Company number: 09677925

Registered address: Highlands House, Basingstoke Road, Spencers Wood, Reading,
Berkshire, RG7 1NT.