Fixed in Apache Tomcat 9.0.0.M17
Note: The issue below was fixed in Apache Tomcat 9.0.0.M16 but the release vote for the 9.0.0.M16 release candidate did not pass. Therefore, although users must download 9.0.0.M17 to obtain a version that includes the fix for this issue, version 9.0.0.M16 is not included in the list of affected versions.
Moderate: Information Disclosure CVE-2016-8747
The refactoring to make wider use of ByteBuffer introduced a regression that could cause information to leak between requests on the same connection. When running behind a reverse proxy, this could result in information leakage between users. All HTTP connector variants are affected; HTTP/2 and AJP are not.
This was fixed in revision 1774161.
This issue was identified by the Apache Tomcat Security Team on 14 December 2016 and made public on 13 March 2017.
Affects: 9.0.0.M11 to 9.0.0.M15
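The following is an added example, not part of the advisory or of Apache Tomcat: a check that classifies reported Tomcat version strings against the 9.0.0.M11 to 9.0.0.M15 range above. The host names, the banner strings and the 'not-covered' label for versions outside the 9.0.0 milestone series are assumptions made for illustration.

```python
import re

# Range and fix release as stated in the advisory above.
FIRST_AFFECTED = 11  # 9.0.0.M11
LAST_AFFECTED = 15   # 9.0.0.M15
FIXED_IN = 17        # 9.0.0.M17; M16 had the fix but was never released

# A 9.0.0 milestone version anywhere in a banner or version line.
MILESTONE = re.compile(r"\b9\.0\.0\.M(\d+)\b")


def classify(version_text):
    """Classify one version string against the 9.0.x range of CVE-2016-8747.

    Returns 'affected', 'not-affected', or 'not-covered' when the text is
    not a 9.0.0 milestone, since this advisory section only lists that branch.
    """
    match = MILESTONE.search(version_text)
    if match is None:
        return "not-covered"
    # Compare the milestone as an integer: as strings, "M9" sorts after "M11".
    milestone = int(match.group(1))
    if FIRST_AFFECTED <= milestone <= LAST_AFFECTED:
        return "affected"
    return "not-affected"


def affected_hosts(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(h for h, v in inventory.items() if classify(v) == "affected")


# Constructed sample inventory (hypothetical host names and banners).
SAMPLE_INVENTORY = {
    "app01.example.internal": "Server version: Apache Tomcat/9.0.0.M13",
    "app02.example.internal": "Apache Tomcat/9.0.0.M9",
    "app03.example.internal": "9.0.0.M17",
    "app04.example.internal": "Apache Tomcat/9.0.0.M11",
    "app05.example.internal": "Apache Tomcat/8.0.39",
    "app06.example.internal": "Apache Tomcat/9.0.0.M15",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to 9.0.0.M{FIXED_IN} or later")
```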