HomePentest-Tools.com Logo

Apache Tomcat NIO/NIO2 Connectors Information Disclosure Vulnerability - Windows CVE-2018-8037

Severity
CVSSv3 Score
5.9
Vulnerability description

Apache Tomcat is prone to an information disclosure vulnerability.

Risk description

The flaw exists due to an error where a mishandling of close in NIO/NIO2 connectors, user sessions can get mixed up. Successful exploitation can allow an attacker to reuse user sessions in a new connection.

Recommendation

Upgrade to Apache Tomcat version 9.0.10, 8.5.32 or later. Please see the references for more information.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Aug 2, 2018
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available