CVE-2016-8747
Published: 14 March 2017
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.
Notes
Author | Note |
---|---|
ratliff | introduced in r1766968 |
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References
- http://svn.apache.org/r1774166
- http://svn.apache.org/viewvc?view=revision&revision=1774161
- http://svn.apache.org/viewvc?view=revision&revision=1774166
- http://tomcat.apache.org/security-8.html
- http://tomcat.apache.org/security-9.html
- http://svn.apache.org/r1774166
- https://www.cve.org/CVERecord?id=CVE-2016-8747
- NVD
- Launchpad
- Debian