First published: Tue Mar 14 2017(Updated: )
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.
Credit: security@apache.org security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apache Tomcat | =8.5.7 | |
Apache Tomcat | =8.5.8 | |
Apache Tomcat | =8.5.9 | |
Apache Tomcat | =9.0.0-m11 | |
Apache Tomcat | =9.0.0-m13 | |
Apache Tomcat | =9.0.0-m15 | |
Apache Tomcat | =9.0.0-milestone11 | |
Apache Tomcat | =9.0.0-milestone13 | |
Apache Tomcat | =9.0.0-milestone15 | |
maven/org.apache.tomcat:tomcat | >=9.0.0.M11<=9.0.0.M15 | 9.0.0.M16 |
maven/org.apache.tomcat:tomcat | >=8.5.7<=8.5.9 | 8.5.10 |
=8.5.7 | ||
=8.5.8 | ||
=8.5.9 | ||
=9.0.0-milestone11 | ||
=9.0.0-milestone13 | ||
=9.0.0-milestone15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.