If attackers successfully address a security gap in the Apache Tomcat open source web server, they could interrupt connections and possibly leak information. Now the developers have released fixed versions.
The Apache Tomcat mailing list does not currently reveal the vulnerability threat level (CVE-2020-17527). However, admirers should update their web servers quickly.
The developers have discovered that attackers could reuse HTTP requests received from older streams indefinitely. This usually leads to an error and the connection breaks down (DoS). It should also be possible for information to leak in this way.
The expenses have been paid 8.5.60, 9.0.40 a 10.0.0-M10. According to the developers, all previous versions are under threat.