CVE-2016-8745 - CVE Vulnerability

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions. (CVSS:0.0) (Last Update:2017-08-10)

Vulnerability Details : A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions. Publish Date : 2017-08-10 Last Update Date : 2017-08-10 - CVSS Scores & Vulnerability Types CVSS Score 0.0 Confidentiality Impact ??? Integrity Impact ??? Availability Impact ??? Access Complexity ??? Authentication ??? Gained Access None Vulnerability Type(s) Obtain Information CWE ID CWE id is not defined for this vulnerability - Related OVAL Definitions Title Definition Id Class Family RHSA-2017:0527: tomcat6 security update (Moderate) oval:com.redhat.rhsa:def:20170527 unix RHSA-2017:0935: tomcat security update (Moderate) oval:com.redhat.rhsa:def:20170935 unix OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability. - Products Affected By CVE-2016-8745 # Product Type Vendor Product Version Update Edition Language No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days. - References For CVE-2016-8745 https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E MLIST [announce] 20170105 [SECURITY][UPDATE] CVE-2016-8745 Apache Tomcat Information Disclosure

- Metasploit Modules Related To CVE-2016-8745 There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)