CVE-2016-8745

Published: 10/08/2017 Updated: 08/12/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards, where it appears the refactoring of the Connector code made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug, but further investigation has shown that the bug is present in all currently supported Tomcat versions.
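A simplified model of the bug class described in the summary, added here as an illustration and not taken from Tomcat's source: an error path and the normal cleanup both return the same object to a pool, so two later requests receive one shared instance. `Processor`, `ProcessorCache`, `handle` and `simulate` are hypothetical names, and the session value is constructed.

```python
# Simplified model of the bug class described above; not Tomcat source code.
# Processor, ProcessorCache, handle and simulate are hypothetical names.

class Processor:
    """Per-request state that must never be shared between requests."""
    def __init__(self, ident):
        self.ident = ident
        self.session_id = None


class ProcessorCache:
    """LIFO pool of idle processors."""
    def __init__(self, guard_double_release):
        self.idle = []
        self.guard = guard_double_release
        self.created = 0

    def acquire(self):
        if self.idle:
            return self.idle.pop()
        self.created += 1
        return Processor(self.created)

    def release(self, proc):
        # Hardened variant: an object already in the pool is not added again.
        if self.guard and any(p is proc for p in self.idle):
            return
        proc.session_id = None      # recycle state before reuse
        self.idle.append(proc)


def handle(cache, sendfile_fails):
    """Serve one request; the error path and the normal cleanup both release."""
    proc = cache.acquire()
    if sendfile_fails:
        cache.release(proc)         # error handler returns the processor
    cache.release(proc)             # normal cleanup returns it again


def simulate(guard_double_release):
    """Return (same_processor_shared, session_id_seen_by_request_b)."""
    cache = ProcessorCache(guard_double_release)
    handle(cache, sendfile_fails=True)      # request that hits the error path
    proc_a = cache.acquire()                # request A, in flight
    proc_b = cache.acquire()                # request B, concurrent with A
    proc_a.session_id = "SESSION-A-constructed"
    return proc_a is proc_b, proc_b.session_id
```

Without the guard, the pool holds the same object twice and request B reads request A's session value; with the guard, B gets a separate instance.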

Vulnerable Products

apache tomcat 8.0.4

apache tomcat 8.0.10

apache tomcat 7.0.49

apache tomcat 8.0.30

apache tomcat 7.0.12

apache tomcat 7.0.62

apache tomcat 8.0.17

apache tomcat 7.0.53

apache tomcat 7.0.20

apache tomcat 8.0.7

apache tomcat 7.0.34

apache tomcat 8.0.26

apache tomcat 7.0.58

apache tomcat 8.5.2

apache tomcat 7.0.8

apache tomcat 7.0.55

apache tomcat 8.5.4

apache tomcat 7.0.1

apache tomcat 7.0.2

apache tomcat 7.0.5

apache tomcat 8.0.2

apache tomcat 7.0.63

apache tomcat 8.0.20

apache tomcat 7.0.22

apache tomcat 8.0.31

apache tomcat 8.5.0

apache tomcat 7.0.39

apache tomcat 7.0.26

apache tomcat 7.0.46

apache tomcat 7.0.72

apache tomcat 8.0.5

apache tomcat 7.0.71

apache tomcat 7.0.28

apache tomcat 8.0.1

apache tomcat 8.0.0

apache tomcat 7.0.59

apache tomcat 7.0.65

apache tomcat 8.0.19

apache tomcat 7.0.0

apache tomcat 7.0.50

apache tomcat 7.0.6

apache tomcat 8.0

apache tomcat 8.0.39

apache tomcat 7.0.18

apache tomcat 8.0.12

apache tomcat 7.0.14

apache tomcat 8.0.27

apache tomcat 8.0.15

apache tomcat 7.0.48

apache tomcat 7.0.11

apache tomcat 7.0.67

apache tomcat 7.0.23

apache tomcat 7.0.66

apache tomcat 8.0.22

apache tomcat 7.0.44

apache tomcat 7.0.69

apache tomcat 8.0.29

apache tomcat 7.0.7

apache tomcat 7.0.52

apache tomcat 7.0.42

apache tomcat 7.0.60

apache tomcat 7.0.37

apache tomcat 7.0.29

apache tomcat 7.0.45

apache tomcat 8.0.11

apache tomcat 8.0.24

apache tomcat 8.0.36

apache tomcat 7.0.68

apache tomcat 8.5.5

apache tomcat 8.0.23

apache tomcat 8.5.3

apache tomcat 8.0.33

apache tomcat 7.0.13

apache tomcat 7.0.47

apache tomcat 8.5.6

apache tomcat 8.0.6

apache tomcat 8.0.21

apache tomcat 8.0.32

apache tomcat 7.0.41

apache tomcat 7.0.31

apache tomcat 7.0.30

apache tomcat 7.0.15

apache tomcat 7.0.19

apache tomcat 7.0.16

apache tomcat 8.0.25

apache tomcat 7.0.36

apache tomcat 8.0.18

apache tomcat 7.0.25

apache tomcat 7.0.54

apache tomcat 8.0.35

apache tomcat 7.0.35

apache tomcat 7.0.61

apache tomcat 8.0.3

apache tomcat 8.0.38

apache tomcat 7.0.57

apache tomcat 7.0.43

apache tomcat 8.0.13

apache tomcat 8.0.14

apache tomcat 8.0.9

apache tomcat 7.0.32

apache tomcat 7.0.38

apache tomcat 7.0.21

apache tomcat 7.0.27

apache tomcat 8.5.7

apache tomcat 8.5.8

apache tomcat 7.0.24

apache tomcat 7.0.17

apache tomcat 7.0.40

apache tomcat 8.0.16

apache tomcat 7.0.9

apache tomcat 7.0.4

apache tomcat 8.0.8

apache tomcat 7.0.3

apache tomcat 7.0.56

apache tomcat 8.0.34

apache tomcat 8.0.28

apache tomcat 7.0.64

apache tomcat 8.0.37

apache tomcat 7.0.70

apache tomcat 8.5.1

apache tomcat 7.0.33

apache tomcat 7.0.73

apache tomcat 9.0.0

Vendor Advisories

Synopsis: Moderate: tomcat security update. Type/Severity: Security Advisory: Moderate. Topic: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, whic ...
Synopsis: Moderate: tomcat6 security update. Type/Severity: Security Advisory: Moderate. Topic: An update for tomcat6 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis: Important: Red Hat JBoss Web Server security and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ...
USN-3177-1 introduced a regression in Tomcat ...
Several security issues were fixed in Tomcat ...
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure. For the stable distribution (jessie), this problem has been fixed in version 8.0.14-1+deb8u6. For the testing distribution (stretch), this problem has been fixed in version 8.5.9-1. For the unstable ...
It was discovered that incorrect error handling in the NIO HTTP connector of the Tomcat servlet and JSP engine could result in information disclosure. For the stable distribution (jessie), this problem has been fixed in version 7.0.56-3+deb8u7. We recommend that you upgrade your tomcat7 packages ...
A bug in the error handling of the send file code for the NIO HTTP connector resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited t ...
It was discovered that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XS ...
A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times, allowing information leakage between requests including, and not limited to, session ID and the response body ...

Recent Articles

VNC server library gets security fix
The Register • Richard Chirgwin • 09 Jan 2017

Debian plugs overflow vuln

An important fix for libvncserver has landed in Debian and on the library's GitHub page. Late in 2016, a bug emerged in the VNC libraries that left clients vulnerable to malicious servers. As the Debian advisory states, the fix addresses two bugs: CVE-2016-9941 and CVE-2016-9942. The libraries incorrectly handled incoming packets, leading to heap-based buffer overflows. Clients could be attacked either for denial-of-service, or potentially for remote code execution. The folks at libvncserver pus...

References

CWE-388
https://security.gentoo.org/glsa/201705-09
http://www.securitytracker.com/id/1037432
http://www.securityfocus.com/bid/94828
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html
http://www.debian.org/security/2017/dsa-3755
http://www.debian.org/security/2017/dsa-3754
https://access.redhat.com/errata/RHSA-2017:0935
https://access.redhat.com/errata/RHSA-2017:0456
https://access.redhat.com/errata/RHSA-2017:0455
http://rhn.redhat.com/errata/RHSA-2017-0527.html
http://rhn.redhat.com/errata/RHSA-2017-0457.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://security.netapp.com/advisory/ntap-20180607-0002/
https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov
https://usn.ubuntu.com/3177-2/