CVE-2016-8747

NameCVE-2016-8747
DescriptionAn information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
tomcat8sourcejessie(not affected)
tomcat8source(unstable)8.5.9-1

Notes

[jessie] - tomcat8 <not-affected> (Only affects 8.5.7 to 8.5.9)
http://svn.apache.org/r1774166
Search for package or bug name: Reporting problems