CVE-2023-34981

HIGH Year: 2023
CVSS v3 Score
7.5
High
Weakness Type
CWE-732
View all →

Vulnerability Description

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.

Related Vulnerabilities

CVE-2007-5743

HIGH
CVSS:7.5(High)

viewvc 1.0.3 allows improper access control to files in a repository when using the "forbidden" configuration option.

CWE-7322007

CVE-2017-0317

HIGH
CVSS:7.5(High)

All versions of NVIDIA GPU and GeForce Experience installer contain a vulnerability where it fails to set proper permissions on the package extraction path thus allowing a non-privileged user to tampe...

CWE-7322017

CVE-2017-0845

HIGH
CVSS:7.5(High)

A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827.

CWE-7322017

CVE-2017-1000125

HIGH
CVSS:7.5(High)

Codiad(full version) is vulnerable to write anything to configure file in the installation resulting upload a webshell.

CWE-7322017

CVE-2017-17568

HIGH
CVSS:7.5(High)

Scubez Posty Readymade Classifieds has Incorrect Access Control for visiting admin/user_activate_submit.php (aka the backend PHP script), which might allow remote attackers to obtain sensitive informa...

CWE-7322017

CVE-2017-4952

HIGH
CVSS:7.5(High)

VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access...

CWE-7322017