Published: 3 December 2020

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could reuse an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. In most cases the stale header value would cause an error and the HTTP/2 connection would be closed, but because the value belongs to a different request it is possible for information to leak between requests carried on the same connection.
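The following script is added here as a triage aid; it is not part of the advisory, of Tomcat, or of Ubuntu's tooling. It encodes the three affected upstream ranges quoted above and the two fixed Ubuntu package versions from the status table, and it demonstrates the check a practitioner needs to get right: an Ubuntu package whose upstream number (9.0.16) falls inside the affected range can still be fixed, because the fix is backported, so installed packages must be compared against the fixed package version using dpkg's version ordering rather than against the upstream range. The dpkg comparison is a Python port of dpkg's verrevcmp() written for this example, and the package name tomcat9 in the usage comment is an assumption (the page lists only versions).

```python
"""Version triage for the Tomcat HTTP/2 header reuse issue described above.

Two checks are combined because they answer different questions:
  * is_affected()          - is an *upstream* Tomcat version inside the
                             affected ranges quoted in the advisory?
  * ubuntu_package_fixed() - is an installed *Ubuntu package* version at or
                             above the fixed version listed in the table?
The second matters because Ubuntu backports the fix: 9.0.16 is inside the
upstream affected range, yet 9.0.16-3ubuntu0.18.04.2 is fixed.
"""
import re

# Upstream ranges quoted in the advisory, inclusive at both ends.
AFFECTED_RANGES = [
    ("10.0.0-M1", "10.0.0-M9"),
    ("9.0.0-M1", "9.0.39"),
    ("8.5.0", "8.5.59"),
]

# Fixed Ubuntu package versions from the status table above.
# (Assumed package name: tomcat9; the page lists only the versions.)
FIXED_PACKAGE_VERSIONS = {
    "bionic": "9.0.16-3ubuntu0.18.04.2",
    "focal": "9.0.31-1ubuntu0.2",
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(version):
    """Turn '9.0.39', '9.0.0.M1' or '10.0.0-M9' into a sortable tuple.

    Milestones sort before the GA release carrying the same number, so the
    tuple is (major, minor, patch, is_ga, milestone_number).
    """
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {version!r}")
    major, minor, patch, milestone = m.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version):
    """True when an upstream Tomcat version lies in one of the affected ranges."""
    key = parse_version(version)
    return any(parse_version(lo) <= key <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


def _verrevcmp(a, b):
    """Port of dpkg's verrevcmp(): compare one version component string.

    Alternates between non-digit runs (dpkg character order: '~' sorts before
    everything, even the end of the string) and digit runs (numeric).
    """
    def order(c):
        if c == "~":
            return -1
        if c == "" or c.isdigit():
            return 0
        if c.isalpha():
            return ord(c)
        return ord(c) + 256

    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = order(a[i]) if i < len(a) else 0
            bc = order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":   # leading zeros are insignificant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():   # longer digit run wins
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def dpkg_compare(v1, v2):
    """Compare two Debian/Ubuntu versions: -1, 0 or 1, as dpkg --compare-versions."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, revision = rest.rpartition("-")
        if not sep:
            upstream, revision = rest, "0"
        return int(epoch), upstream, revision

    e1, u1, r1 = split(v1)
    e2, u2, r2 = split(v2)
    for c in ((e1 > e2) - (e1 < e2), _verrevcmp(u1, u2), _verrevcmp(r1, r2)):
        if c:
            return 1 if c > 0 else -1
    return 0


def upstream_version(package_version):
    """Strip epoch and Debian revision: '1:9.0.16-3ubuntu0.18.04.2' -> '9.0.16'."""
    rest = package_version.partition(":")[2] or package_version
    return rest.rpartition("-")[0] or rest


def ubuntu_package_fixed(release, installed_version):
    """True/False against the table's fixed version; None when the table lists
    no fixed version for that release (Needed, Does not exist, ...)."""
    fixed = FIXED_PACKAGE_VERSIONS.get(release)
    if fixed is None:
        return None
    return dpkg_compare(installed_version, fixed) >= 0


if __name__ == "__main__":
    # Feed the output of: dpkg-query -W -f='${Version}' tomcat9   (assumed name)
    pkg = "9.0.16-3ubuntu0.18.04.2"
    print(is_affected(upstream_version(pkg)))      # True: upstream range alone misleads
    print(ubuntu_package_fixed("bionic", pkg))     # True: the package carries the backport
```

Run it against the installed package version on each host; a True from is_affected() on the upstream part and a True from ubuntu_package_fixed() on the full package version is the expected, non-alarming result on a patched bionic or focal system.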



Package Release Status

Launchpad, Ubuntu, Debian
  trusty    Does not exist
  xenial    Not vulnerable (code not present)
  bionic    Needed
  focal     Does not exist
  groovy    Does not exist
  hirsute   Does not exist
  impish    Does not exist
  jammy     Does not exist
  kinetic   Does not exist
  lunar     Does not exist
  mantic    Does not exist
  upstream  Needs triage

Launchpad, Ubuntu, Debian
  trusty    Does not exist
  xenial    Does not exist
  bionic    Released (9.0.16-3ubuntu0.18.04.2)
  focal     Released (9.0.31-1ubuntu0.2)
  groovy    Ignored (end of life)
  hirsute   Not vulnerable
  impish    Not vulnerable
  jammy     Not vulnerable
  kinetic   Not vulnerable
  lunar     Not vulnerable
  mantic    Not vulnerable
  upstream  Released (9.0.40-1)
Severity score breakdown (CVSS 3.1)

  Parameter             Value
  Base score            7.5
  Attack vector         Network
  Attack complexity     Low
  Privileges required   None
  User interaction      None
  Scope                 Unchanged
  Confidentiality impact  High
  Integrity impact      None
  Availability impact   None
  Vector                CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N