
Apache Tomcat NIO HTTP connector Information Disclosure Vulnerability (Windows) CVE-2016-8745

Severity
CVSSv3 Score: 7.5
Vulnerability description

Apache Tomcat is prone to an information disclosure vulnerability.

Risk description

The flaw exists due to a bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat, which results in the current Processor object being added to the Processor cache multiple times. This in turn means that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, but not limited to, session ID and the response body. Successful exploitation will allow remote attackers to gain access to potentially sensitive information.

Recommendation

Upgrade to Apache Tomcat version 9.0.0.M15, 8.5.9, 8.0.41, 7.0.75, 6.0.50, or later.
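
One way to check an inventory of Tomcat versions against the fixed releases listed above, written as an added example (not code from this page or from the Apache Tomcat project). It assumes versions arrive either bare or in the `Apache Tomcat/x.y.z` banner form; the function names and sample banners are constructed for illustration. The page gives no lower bound for affected versions, so anything older than the fixed release on its branch is flagged.

```python
import re

# Fixed release per branch, taken from the Recommendation above.
FIXED = {"9.0": "9.0.0.M15", "8.5": "8.5.9", "8.0": "8.0.41",
         "7.0": "7.0.75", "6.0": "6.0.50"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")
_BANNER_RE = re.compile(r"Apache Tomcat/(\S+)")


def parse_version(text):
    """Return a sortable tuple for a Tomcat version string.

    Milestone builds such as 9.0.0.M15 precede the final 9.0.0 release,
    so a version without a milestone number sorts after every milestone.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    rank = int(milestone) if milestone is not None else float("inf")
    return (int(major), int(minor), int(patch), rank)


def needs_upgrade(version):
    """True/False for branches listed in FIXED, None for any other branch."""
    v = parse_version(version)
    fixed = FIXED.get(f"{v[0]}.{v[1]}")
    if fixed is None:
        return None  # branch not covered by the page's recommendation
    return v < parse_version(fixed)


def check_banner(line):
    """Extract the version from an 'Apache Tomcat/x.y.z' banner and check it."""
    m = _BANNER_RE.search(line)
    if not m:
        raise ValueError(f"no Tomcat version in: {line!r}")
    return m.group(1), needs_upgrade(m.group(1))


if __name__ == "__main__":
    # Constructed sample banners, not taken from a real host.
    for banner in ("Server version: Apache Tomcat/8.5.8",
                   "Server version: Apache Tomcat/9.0.0.M13",
                   "Server version: Apache Tomcat/7.0.75"):
        version, outdated = check_banner(banner)
        print(f"{version}: {'upgrade required' if outdated else 'at or past fix'}")
```

A version check alone does not show whether the NIO HTTP connector is in use on the host; treat a flagged version as a prompt to upgrade, as the recommendation states.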

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Aug 10, 2017
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available