CVE-2016-8747
Publication date 14 March 2017
Last updated 7 May 2026
Ubuntu priority
Description
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| tomcat8 | ||
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
Notes
Severity score breakdown
CVSS version: CVSS v3.0
Base score
7.5 · High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
Other references
- http://svn.apache.org/r1774166
- http://svn.apache.org/viewvc?view=revision&revision=1774161
- http://svn.apache.org/viewvc?view=revision&revision=1774166
- http://tomcat.apache.org/security-8.html
- http://tomcat.apache.org/security-9.html
- http://svn.apache.org/r1774166
- https://www.cve.org/CVERecord?id=CVE-2016-8747