Apache Tomcat 8.5.7 < 8.5.11 / 9.0.0.M11 < 9.0.0.M17 nextRequest Information Disclosure

medium Nessus Network Monitor Plugin ID 700007

Synopsis

The remote Apache Tomcat server is affected by an information disclosure vulnerability.

Description

The version of Apache Tomcat installed on the remote host is version 8.5.x prior to 8.5.11 or 9.0.0.x prior to 9.0.0.M17, and is affected by a flaw in the 'nextRequest()' function in 'http11/Http11InputBuffer.java' that is triggered as limits of a ByteBuffer are not properly set, resulting in the contents of a ByteBuffer leaking between HTTP requests. This may allow a remote attacker to read potentially sensitive information from other requests on the same connection.

Note that Nessus Network Monitor has not attempted to exploit this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Apache Tomcat version 8.5.11 / 9.0.0.M17 or later. Note that the vulnerability was also fixed in version 8.5.10 / 9.0.0.M16; however, this version was never publicly released.

See Also

https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.11,https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M17

Plugin Details

Severity: Medium

ID: 700007

Family: Web Servers

Published: 3/17/2017

Updated: 3/6/2019

Nessus ID: 99362

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:apache:tomcat

Patch Publication Date: 1/16/2017

Vulnerability Publication Date: 3/13/2017

Reference Information

CVE: CVE-2016-8747

BID: 96895