CVE-2016-8747

Name: CVE-2016-8747
Description: An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package  Release                      Version           Status
tomcat8 (PTS)   jessie                       8.0.14-1+deb8u11  fixed
                jessie (security)            8.0.14-1+deb8u15  fixed
                stretch (security), stretch  8.5.50-0+deb9u1   fixed

The information below is based on the following data on fixed versions.

Package  Type    Release     Fixed Version   Urgency  Origin  Debian Bugs
tomcat8  source  (unstable)  8.5.9-1
tomcat8  source  jessie      (not affected)

Notes

[jessie] - tomcat8 <not-affected> (Only affects 8.5.7 to 8.5.9)
http://svn.apache.org/r1774166
