Lucene search

GoogleOSV:GHSA-FJWP-R6FM-Q6QW

HistoryMay 14, 2022 - 1:10 a.m.

Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request

2022-05-1401:10:15

Google

osv.dev

6.3 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.5%

JSON

An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.

CPENameOperatorVersion
org.apache.tomcat:tomcateq9.0.0.M11
org.apache.tomcat:tomcateq8.5.8
org.apache.tomcat:tomcateq9.0.0.M15
org.apache.tomcat:tomcateq8.5.9
org.apache.tomcat:tomcateq9.0.0.M13

Name	Operator	Version
org.apache.tomcat:tomcat	eq	9.0.0.M11
org.apache.tomcat:tomcat	eq	8.5.8
org.apache.tomcat:tomcat	eq	9.0.0.M15
org.apache.tomcat:tomcat	eq	8.5.9
org.apache.tomcat:tomcat	eq	9.0.0.M13

References

svn.apache.org/viewvc?view=revision&revision=1774161

svn.apache.org/viewvc?view=revision&revision=1774166

tomcat.apache.org/security-8.html

tomcat.apache.org/security-9.html

github.com/apache/tomcat

github.com/apache/tomcat/commit/452c8094a665ef6375530e81c033da4eeb2e4865

github.com/apache/tomcat/commit/9601a937ff3b7ef5d04b2a0e950d0e44e1bb4cbd

lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E

nvd.nist.gov/vuln/detail/CVE-2016-8747

security.netapp.com/advisory/ntap-20180614-0002

web.archive.org/web/20200227183332/www.securityfocus.com/bid/96895