漏洞标题
WebSocket并发发送和关闭response的混淆
漏洞描述信息
WebSocket并发发送和关闭时的响应混淆
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
漏洞类别
N/A
漏洞标题
Response mix-up with WebSocket concurrent send and close
漏洞描述信息
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause the a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors.
CVSS信息
N/A
漏洞类别
不恰当的资源关闭或释放
漏洞标题
Apache Tomcat 代码问题漏洞
漏洞描述信息
Apache Tomcat是美国阿帕奇(Apache)基金会的一款轻量级Web应用服务器。该程序实现了对Servlet和JavaServer Page(JSP)的支持。 Apache Tomcat 8.5.0到8.5.75版本 9.0.0.M1到9.0.20版本存在安全漏洞,该漏洞源于如果 Web 应用程序在 WebSocket 连接关闭的同时发送 WebSocket 消息,则应用程序可能会在关闭后继续使用该套接字,导致数据返回错误。
CVSS信息
N/A
漏洞类别
代码问题