org.apache.tomcat.embed:tomcat-embed-core@11.0.0-M5 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.tomcat.embed:tomcat-embed-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
Information Exposure (severity: H)

org.apache.tomcat.embed:tomcat-embed-core is a Core Tomcat implementation.

Affected versions of this package are vulnerable to Information Exposure: if a response does not have any HTTP headers set, no AJP SEND_HEADERS message is sent. As a result, at least one AJP-based proxy (mod_proxy_ajp) uses the response headers from the previous request for the current request, leading to an information leak.

How to fix Information Exposure?

Upgrade org.apache.tomcat.embed:tomcat-embed-core to version 8.5.89, 9.0.75, 10.1.9, 11.0.0-M6 or higher.

Vulnerable versions: [8.5.88,8.5.89), [9.0.74,9.0.75), [10.1.8,10.1.9), [11.0.0-M5,11.0.0-M6)