- Home
- CVEs with nessus.description==According to its self-reported version number, the Apache Tomcat
service running on the remote host is 6.0.16 prior to 6.0.50, 7.0.x
prior to 7.0.75, 8.0.x prior to 8.0.41, 8.5.x prior to 8.5.9, or
9.0.x prior to 9.0.0.M15. It is therefore, affected by an information
disclosure vulnerability in error handling during send file processing
by the NIO HTTP connector, in which an error can cause the current
Processor object to be added to the Processor cache multiple times.
This allows the same Processor to be used for concurrent requests.
An unauthenticated, remote attacker can exploit this issue, via a
shared Processor, to disclose sensitive information, such as session
IDs, response bodies related to another request, etc.
Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top