Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2016-8745

Published: 10/08/2017 Updated: 15/04/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Tomcat

Vulnerability Summary

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 7.0.33

apache tomcat 7.0.34

apache tomcat 7.0.22

apache tomcat 7.0.23

apache tomcat 7.0.30

apache tomcat 7.0.11

apache tomcat 7.0.18

apache tomcat 7.0.19

apache tomcat 7.0.7

apache tomcat 7.0.8

apache tomcat 7.0.45

apache tomcat 7.0.46

apache tomcat 7.0.54

apache tomcat 7.0.55

apache tomcat 7.0.63

apache tomcat 7.0.64

apache tomcat 7.0.71

apache tomcat 7.0.72

apache tomcat 8.0.1

apache tomcat 8.0.2

apache tomcat 8.0.3

apache tomcat 8.0.10

apache tomcat 8.0.11

apache tomcat 8.0.18

apache tomcat 8.0.19

apache tomcat 8.0.27

apache tomcat 8.0.28

apache tomcat 8.0.35

apache tomcat 8.0.36

apache tomcat 8.5.3

apache tomcat 8.5.4

apache tomcat 9.0.0

apache tomcat 7.0.35

apache tomcat 7.0.36

apache tomcat 7.0.24

apache tomcat 7.0.25

apache tomcat 7.0.12

apache tomcat 7.0.13

apache tomcat 7.0.20

apache tomcat 7.0.1

apache tomcat 7.0.9

apache tomcat 7.0.0

apache tomcat 7.0.47

apache tomcat 7.0.48

apache tomcat 7.0.56

apache tomcat 7.0.57

apache tomcat 7.0.58

apache tomcat 7.0.65

apache tomcat 7.0.66

apache tomcat 7.0.73

apache tomcat 8.0

apache tomcat 8.0.4

apache tomcat 8.0.5

apache tomcat 8.0.12

apache tomcat 8.0.13

apache tomcat 8.0.20

apache tomcat 8.0.21

apache tomcat 8.0.29

apache tomcat 8.0.30

apache tomcat 8.0.37

apache tomcat 8.0.38

apache tomcat 8.5.5

apache tomcat 8.5.6

apache tomcat 7.0.31

apache tomcat 7.0.32

apache tomcat 7.0.40

apache tomcat 7.0.21

apache tomcat 7.0.28

apache tomcat 7.0.29

apache tomcat 7.0.16

apache tomcat 7.0.17

apache tomcat 7.0.5

apache tomcat 7.0.6

apache tomcat 7.0.43

apache tomcat 7.0.44

apache tomcat 7.0.52

apache tomcat 7.0.53

apache tomcat 7.0.61

apache tomcat 7.0.62

apache tomcat 7.0.69

apache tomcat 7.0.70

apache tomcat 8.0.0

apache tomcat 8.0.8

apache tomcat 8.0.9

apache tomcat 8.0.16

apache tomcat 8.0.17

apache tomcat 8.0.24

apache tomcat 8.0.25

apache tomcat 8.0.26

apache tomcat 8.0.33

apache tomcat 8.0.34

apache tomcat 8.5.1

apache tomcat 8.5.2

apache tomcat 7.0.37

apache tomcat 7.0.38

apache tomcat 7.0.39

apache tomcat 7.0.26

apache tomcat 7.0.27

apache tomcat 7.0.14

apache tomcat 7.0.15

apache tomcat 7.0.2

apache tomcat 7.0.3

apache tomcat 7.0.4

apache tomcat 7.0.41

apache tomcat 7.0.42

apache tomcat 7.0.49

apache tomcat 7.0.50

apache tomcat 7.0.59

apache tomcat 7.0.60

apache tomcat 7.0.67

apache tomcat 7.0.68

apache tomcat 8.0.6

apache tomcat 8.0.7

apache tomcat 8.0.14

apache tomcat 8.0.15

apache tomcat 8.0.22

apache tomcat 8.0.23

apache tomcat 8.0.31

apache tomcat 8.0.32

apache tomcat 8.0.39

apache tomcat 8.5.0

apache tomcat 8.5.7

apache tomcat 8.5.8

Vendor Advisories

Red Hat: Moderate: tomcat6 security update
Synopsis Moderate: tomcat6 security update Type/Severity Security Advisory: Moderate Topic An update for tomcat6 is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...
Red Hat: Moderate: tomcat security update
Synopsis Moderate: tomcat security update Type/Severity Security Advisory: Moderate Topic An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, whic ...
Debian Security Advisories: DSA-3754-1 tomcat7 -- security update
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure For the stable distribution (jessie), this problem has been fixed in version 7056-3+deb8u7 We recommend that you upgrade your tomcat7 packages ...
Debian Security Advisories: DSA-3755-1 tomcat8 -- security update
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure For the stable distribution (jessie), this problem has been fixed in version 8014-1+deb8u6 For the testing distribution (stretch), this problem has been fixed in version 859-1 For the unstable ...
Amazon Linux AMI: ALAS-2017-796
A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times This in turn meant that the same Processor could be used for concurrent requests Sharing a Processor can result in information leakage between requests including, not not limited t ...
Red Hat: Important: Red Hat JBoss Web Server security and enhancement update
Synopsis Important: Red Hat JBoss Web Server security and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web ServerRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System ...
Amazon Linux AMI: ALAS-2017-810
It was discovered that the code that parsed the HTTP request line permittedinvalid characters This could be exploited, in conjunction with a proxy thatalso permitted the invalid characters but with a different interpretation, toinject data into the HTTP response By manipulating the HTTP response theattacker could poison a web-cache, perform an XS ...
Red Hat: CVE-2016-8745
A bug was discovered in the error handling of the send file code for the NIO HTTP connector This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body ...
Ubuntu Security Notice: tomcat6, tomcat7 regression
USN-3177-1 introduced a regression in Tomcat ...
Ubuntu Security Notice: tomcat6, tomcat7, tomcat8 vulnerabilities
Several security issues were fixed in Tomcat ...
Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2017
Oracle Solaris Third Party Bulletin - January 2017 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Up ...
Oracle Linux Bulletins: Oracle Linux Bulletin - January 2017
Oracle Linux Bulletin - January 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical ...
Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2017
Oracle Solaris Third Party Bulletin - April 2017 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Upda ...
Oracle: Oracle Critical Patch Update Advisory - April 2018
Oracle Critical Patch Update Advisory - April 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous ...
Oracle Linux Bulletins: Oracle Linux Bulletin - April 2017
Oracle Linux Bulletin - April 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are release ...
Oracle: Oracle Critical Patch Update Advisory - October 2017
Oracle Critical Patch Update Advisory - October 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the ...

Github Repositories

cybsec

Cyber Securiy MOOC Unsecure project

LINK: githubcom/ilmari666/cybsec Based on the Springboot-template as per course material that can be installed and run with suitably configured Netbeans and Maven Five flaws as per wwwowasporg/images/7/72/OWASP_Top_10-2017_%28en%29pdfpdf This document can be read at githubcom/ilmari666/cybsec/blob/master/READMEmd FLAW 1: A2:2017 Broken Authentica

veracode-container-security-finding-parser Map Vulnerabilities into Different Layers of the Container Image Usage usage: mainpy [-h] [-i INSPECT_FILE] [-s SCAN_FILE] [-d] Example python mainpy Output: Scanned Image: juliantotzek/verademo1-tomcat:latest, Base Image OS Family: centos , Base Image OS Name: 761810 Base Image (based on the first Layer in veracode inspect comman

Recent Articles

VNC server library gets security fix
The Register • Richard Chirgwin • 09 Jan 2017

Debian plugs overflow vuln

An important fix for libvncserver has landed in Debian and on the library's GitHub page.
Late in 2016, a bug emerged in the VNC libraries that left clients vulnerable to malicious servers.
As the Debian advisory states, the fix addresses two bugs: CVE-2016-9941 and CVE-2016-9942. The libraries incorrectly handled incoming packets, leading to heap-based buffer overflows.
Clients could be attacked either for denial-of-service, or potentially for remote code execution.
The f...

Read more...
VNC server library gets security fix
The Register • Richard Chirgwin • 09 Jan 2017

Debian plugs overflow vuln

An important fix for libvncserver has landed in Debian and on the library's GitHub page.
Late in 2016, a bug emerged in the VNC libraries that left clients vulnerable to malicious servers.
As the Debian advisory states, the fix addresses two bugs: CVE-2016-9941 and CVE-2016-9942. The libraries incorrectly handled incoming packets, leading to heap-based buffer overflows.
Clients could be attacked either for denial-of-service, or potentially for remote code execution.
The f...

Read more...

References

CWE-388https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3Ehttps://security.gentoo.org/glsa/201705-09http://www.securitytracker.com/id/1037432http://www.securityfocus.com/bid/94828http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlhttp://www.debian.org/security/2017/dsa-3755http://www.debian.org/security/2017/dsa-3754https://access.redhat.com/errata/RHSA-2017:0935https://access.redhat.com/errata/RHSA-2017:0456https://access.redhat.com/errata/RHSA-2017:0455http://rhn.redhat.com/errata/RHSA-2017-0527.htmlhttp://rhn.redhat.com/errata/RHSA-2017-0457.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttps://security.netapp.com/advisory/ntap-20180607-0002/https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2017:0527https://nvd.nist.govhttps://usn.ubuntu.com/3177-2/https://www.securityfocus.com/bid/94828https://www.debian.org/security/./dsa-3754
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-5172CVE-2023-44023CVE-2023-30845elevation of privilegeinjectionCVE-2023-43234CVE-2023-41991cross-site request forgeryseacmsCVE-2023-5197
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook