// For flags

CVE-2021-25122

Apache Tomcat h2c request mix-up

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

When responding to new h2c connection requests, Apache Tomcat versions 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41 and 8.5.0 to 8.5.61 could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request.

Cuando se responde a nuevas peticiones de conexión h2c, Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0, versiones 9.0.0.M1 hasta 9.0.41 y versiones 8.5.0 hasta 8.5.61, podrían duplicar los encabezados de petición y una cantidad limitada del cuerpo de petición de una petición a otra, lo que significa que el usuario A y el usuario B podrían visualizar los resultados de la petición del usuario A

A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate request headers and a limited amount of request body from one request to another meaning user A and user B could both see the results of user A's request. The highest threat from this vulnerability is to data confidentiality.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-01-14 CVE Reserved
  • 2021-03-01 CVE Published
  • 2023-11-15 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (17)
URL Tag Source
http://www.openwall.com/lists/oss-security/2021/03/01/1 Mailing List
https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cusers.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rcd90bf36b1877e1310b87ecd14ed7bbb15da52b297efd9f0e7253a3b%40%3Cusers.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rd0463f9a5cbc02a485404c4b990f0da452e5ac5c237808edba11c947%40%3Cusers.tomcat.apache.org%3E Mailing List
https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E Mailing List
https://lists.debian.org/debian-lts-announce/2021/03/msg00018.html Mailing List
https://security.netapp.com/advisory/ntap-20210409-0002 Third Party Advisory
URL Date SRC
URL Date SRC
https://www.oracle.com//security-alerts/cpujul2021.html 2023-11-07
https://www.oracle.com/security-alerts/cpujan2022.html 2023-11-07
https://www.oracle.com/security-alerts/cpuoct2021.html 2023-11-07
URL Date SRC
https://lists.apache.org/thread.html/r7b95bc248603360501f18c8eb03bb6001ec0ee3296205b34b07105b7%40%3Cannounce.tomcat.apache.org%3E 2023-11-07
https://security.gentoo.org/glsa/202208-34 2023-11-07
https://www.debian.org/security/2021/dsa-4891 2023-11-07
https://access.redhat.com/security/cve/CVE-2021-25122 2022-07-07
https://bugzilla.redhat.com/show_bug.cgi?id=1934032 2022-07-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 >= 8.5.0 <= 8.5.61
Search vendor "Apache" for product "Tomcat" and version " >= 8.5.0 <= 8.5.61"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 >= 9.0.0 <= 9.0.41
Search vendor "Apache" for product "Tomcat" and version " >= 9.0.0 <= 9.0.41"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone1
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone10
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone11
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone12
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone13
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone14
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone15
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone16
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone17
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone18
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone19
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone2
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone20
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone21
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone22
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone23
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone24
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone25
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone26
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone27
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone3
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone4
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 9.0.0
Search vendor "Apache" for product "Tomcat" and version "9.0.0"
milestone5
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
-
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone1
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone10
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone2
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone3
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone4
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone5
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone6
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone7
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone8
Affected
Apache
Search vendor "Apache"
 Tomcat
Search vendor "Apache" for product "Tomcat"
 10.0.0
Search vendor "Apache" for product "Tomcat" and version "10.0.0"
milestone9
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Oracle
Search vendor "Oracle"
 Agile Plm
Search vendor "Oracle" for product "Agile Plm"
 9.3.3
Search vendor "Oracle" for product "Agile Plm" and version "9.3.3"
-
Affected
Oracle
Search vendor "Oracle"
 Agile Plm
Search vendor "Oracle" for product "Agile Plm"
 9.3.6
Search vendor "Oracle" for product "Agile Plm" and version "9.3.6"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Cloud Native Core Policy
Search vendor "Oracle" for product "Communications Cloud Native Core Policy"
 1.14.0
Search vendor "Oracle" for product "Communications Cloud Native Core Policy" and version "1.14.0"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Cloud Native Core Security Edge Protection Proxy
Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy"
 1.6.0
Search vendor "Oracle" for product "Communications Cloud Native Core Security Edge Protection Proxy" and version "1.6.0"
-
Affected
Oracle
Search vendor "Oracle"
 Communications Instant Messaging Server
Search vendor "Oracle" for product "Communications Instant Messaging Server"
 10.0.1.5.0
Search vendor "Oracle" for product "Communications Instant Messaging Server" and version "10.0.1.5.0"
-
Affected
Oracle
Search vendor "Oracle"
 Database
Search vendor "Oracle" for product "Database"
 12.2.0.1
Search vendor "Oracle" for product "Database" and version "12.2.0.1"
enterprise
Affected
Oracle
Search vendor "Oracle"
 Database
Search vendor "Oracle" for product "Database"
 19c
Search vendor "Oracle" for product "Database" and version "19c"
enterprise
Affected
Oracle
Search vendor "Oracle"
 Database
Search vendor "Oracle" for product "Database"
 21c
Search vendor "Oracle" for product "Database" and version "21c"
enterprise
Affected
Oracle
Search vendor "Oracle"
 Graph Server And Client
Search vendor "Oracle" for product "Graph Server And Client"
 < 21.3.0
Search vendor "Oracle" for product "Graph Server And Client" and version " < 21.3.0"
-
Affected
Oracle
Search vendor "Oracle"
 Graph Server And Client
Search vendor "Oracle" for product "Graph Server And Client"
 21.3.0
Search vendor "Oracle" for product "Graph Server And Client" and version "21.3.0"
-
Affected
Oracle
Search vendor "Oracle"
 Instantis Enterprisetrack
Search vendor "Oracle" for product "Instantis Enterprisetrack"
 17.1
Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.1"
-
Affected
Oracle
Search vendor "Oracle"
 Instantis Enterprisetrack
Search vendor "Oracle" for product "Instantis Enterprisetrack"
 17.2
Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.2"
-
Affected
Oracle
Search vendor "Oracle"
 Instantis Enterprisetrack
Search vendor "Oracle" for product "Instantis Enterprisetrack"
 17.3
Search vendor "Oracle" for product "Instantis Enterprisetrack" and version "17.3"
-
Affected
Oracle
Search vendor "Oracle"
 Managed File Transfer
Search vendor "Oracle" for product "Managed File Transfer"
 12.2.1.3.0
Search vendor "Oracle" for product "Managed File Transfer" and version "12.2.1.3.0"
-
Affected
Oracle
Search vendor "Oracle"
 Managed File Transfer
Search vendor "Oracle" for product "Managed File Transfer"
 12.2.1.4.0
Search vendor "Oracle" for product "Managed File Transfer" and version "12.2.1.4.0"
-
Affected
Oracle
Search vendor "Oracle"
 Mysql Enterprise Monitor
Search vendor "Oracle" for product "Mysql Enterprise Monitor"
 <= 8.0.23
Search vendor "Oracle" for product "Mysql Enterprise Monitor" and version " <= 8.0.23"
-
Affected
Oracle
Search vendor "Oracle"
 Siebel Ui Framework
Search vendor "Oracle" for product "Siebel Ui Framework"
 <= 21.9
Search vendor "Oracle" for product "Siebel Ui Framework" and version " <= 21.9"
-
Affected