CVE-2016-8745: Information Exposure

August 10, 2017 (updated April 15, 2019)

A bug in the error handling of the NIO HTTP connector in Apache Tomcat resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage.

References

www.securityfocus.com/bid/94828
www.securitytracker.com/id/1037432
lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4@%3Cannounce.tomcat.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2016-8745
security.gentoo.org/glsa/201705-09

Code Behaviors & Features

Detect and mitigate CVE-2016-8745 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →