A vulnerability occurs in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90. Exploit this vulnerability to obtain sensitive information.

For more detail, please refer to attached diagram.

Official URL shown as below:

http://mail-archives.us.apache.org/mod_mbox/www-announce/201810.mbox/%3C4cf697b0-db03-9eab-f2aa-54c2026d0e88@apache.org%3E