Details
Description
It is possible for instances of ServletInputStream to be used in handling one request after Tomcat has recycled (i.e. reused) the stream for a different request.
Symptoms include, but are not limited to:
- Incorrect user agent reported in access logs. For example, a user agent of "git/2.16.55" is reported where it should be "git/2.16.5".
- Incorrect client IP address reported in access logs. As with the user agent, this will typically involve the final character being repeated.
- Users interacting with the user interface experience failures with error "You've switched users"
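
One way to triage access logs for the repeated-final-character symptom, as an added example that is not part of the original advisory. The log format, the sample lines and the `min_ratio` threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed format:
# client IP first, quoted user agent last.
SAMPLE_LOG = """\
10.0.0.5 "GET /repo.git/info/refs" 200 "git/2.16.5"
10.0.0.5 "POST /repo.git/git-upload-pack" 200 "git/2.16.5"
10.0.0.7 "GET /repo.git/info/refs" 200 "git/2.16.5"
10.0.0.5 "GET /repo.git/info/refs" 200 "git/2.16.55"
10.0.0.9 "GET /projects" 200 "Mozilla/5.0"
10.0.0.9 "GET /projects" 200 "Mozilla/5.00"
10.0.0.8 "GET /dashboard" 200 "curl/7.88"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) .* "(?P<ua>[^"]*)"$')


def parse(log_text):
    """Yield (ip, user_agent) for each line matching the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("ip"), m.group("ua")


def suspect_values(values, min_ratio=2):
    """Return {suspect: likely_original} for values whose final character is
    doubled and whose un-doubled form is seen at least min_ratio times as often.
    The frequency check keeps legitimate values such as "curl/7.88" out."""
    counts = Counter(values)
    suspects = {}
    for value, seen in counts.items():
        if len(value) >= 2 and value[-1] == value[-2]:
            original = value[:-1]
            if counts[original] >= min_ratio * seen:
                suspects[value] = original
    return suspects


def triage(log_text):
    """Return suspect user agents found in the log text."""
    return suspect_values(ua for _, ua in parse(log_text))


if __name__ == "__main__":
    for bad, good in triage(SAMPLE_LOG).items():
        print(f"suspect user agent {bad!r}, likely {good!r}")
```

The same `suspect_values` function can be run over the client IP column; matches are leads to correlate with the other symptoms, not proof, since a legitimate value can also end in a doubled character.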