EUVD-2022-5479

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Bug in Apache Tomcat allows concurrent request processing, risking information leakage in several versions.

Reporter	Title	Published	Views	Family All 166
IBM Security Bulletins	Security Bulletin: Apache Tomcat vulnerability affects IBM Algo One - Counterparty Credit Risk (CVE-2016-8745)	15 Jun 201822:49	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence	17 Jun 201805:22	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)	17 Jun 201815:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities	16 Jun 201822:05	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight	17 Jun 201805:22	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Core (CVE-2016-8745)	15 Jun 201822:49	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service	17 Jun 201805:22	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security vulnerabilities in WebSphere Application Server Community Edition	30 Aug 201907:48	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Algo Risk Application (CVE-2016-8745)	15 Jun 201822:49	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "6e54ccbe-89fe-3a3e-a0db-6bbd27f15fbf",
        "vendor": {
          "name": "Apache Software Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "14c19100-1c7d-3a89-80d4-15efcbc3775e",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "8.0.0.RC1 to 8.0.39"
      },
      {
        "id": "2aa7e957-7298-3760-99f5-1c7da538a2ae",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "6.0.16 to 6.0.48"
      },
      {
        "id": "5e338288-c9a5-35cb-89e4-8ee6cb6e6971",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "7.0.0 to 7.0.73"
      },
      {
        "id": "bd9150e9-86fc-3024-bd4e-812ec5bfe962",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "8.5.0 to 8.5.8"
      },
      {
        "id": "c331f8c2-1d76-3815-ac3e-5d31b6297161",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "9.0.0.M1 to 9.0.0.M13"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-8745
github	www.github.com/apache/tomcat/commit/143bb466cf96a89e791b7db5626055ea819dad89
github	www.github.com/apache/tomcat/commit/16a57bc885e212839f1d717b94b01d154a36943a
github	www.github.com/apache/tomcat/commit/cbc9b18a845d3c8c053ac293dffda6c6c19dd92b
github	www.github.com/apache/tomcat80/commit/3dd2fec73e0de1edc1d3eb1c52a01255fdfc84e7
access	www.access.redhat.com/errata/RHSA-2017:0455
lists	www.lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

03 Oct 2025 20:07Current

7.7High risk

Vulners AI Score7.7

CVSS 37.5

CVSS 25

EPSS0.1091

SSVC