tomcat: information disclosure due to incorrect Processor sharing

🗓️ 12 Apr 2017 15:02:18Reported by RedHatType

Tomcat information disclosure from incorrect Processor sharing in NIO HTTP send file error handling causes duplicate cache entries and session ID leakage.

Reporter	Title	Published	Views	Family All 166
IBM Security Bulletins	Security Bulletin: Apache Tomcat vulnerability affects IBM Algo One - Counterparty Credit Risk (CVE-2016-8745)	15 Jun 201822:49	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence	17 Jun 201805:22	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (TADDM)	17 Jun 201815:39	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is vulnerable to using Components with Known Vulnerabilities	16 Jun 201822:05	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Insight	17 Jun 201805:22	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Core (CVE-2016-8745)	15 Jun 201822:49	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in Jazz Team Server shipped with Jazz Reporting Service	17 Jun 201805:22	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security vulnerabilities in WebSphere Application Server Community Edition	30 Aug 201907:48	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Algo Risk Application (CVE-2016-8745)	15 Jun 201822:49	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	7	any	tomcat	0:7.0.69-11.el7_3.noarch	tomcat-0:7.0.69-11.el7_3.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-admin-webapps	0:7.0.69-11.el7_3.noarch	tomcat-admin-webapps-0:7.0.69-11.el7_3.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-docs-webapp	0:7.0.69-11.el7_3.noarch	tomcat-docs-webapp-0:7.0.69-11.el7_3.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-el-2.2-api	0:7.0.69-11.el7_3.noarch	tomcat-el-2.2-api-0:7.0.69-11.el7_3.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-javadoc	0:7.0.69-11.el7_3.noarch	tomcat-javadoc-0:7.0.69-11.el7_3.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-jsp-2.2-api	0:7.0.69-11.el7_3.noarch	tomcat-jsp-2.2-api-0:7.0.69-11.el7_3.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-jsvc	0:7.0.69-11.el7_3.noarch	tomcat-jsvc-0:7.0.69-11.el7_3.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-lib	0:7.0.69-11.el7_3.noarch	tomcat-lib-0:7.0.69-11.el7_3.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-servlet-3.0-api	0:7.0.69-11.el7_3.noarch	tomcat-servlet-3.0-api-0:7.0.69-11.el7_3.noarch.noarch.rpm
Red Hat Enterprise Linux	7	any	tomcat-webapps	0:7.0.69-11.el7_3.noarch	tomcat-webapps-0:7.0.69-11.el7_3.noarch.noarch.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2016-8745
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2016-8745
tomcat	www.tomcat.apache.org/security-6.html
tomcat	www.tomcat.apache.org/security-7.html
tomcat	www.tomcat.apache.org/security-8.html
tomcat	www.tomcat.apache.org/security-8.html
cve	www.cve.org/CVERecord

13 May 2026 01:45Current

7.4High risk

Vulners AI Score7.4

CVSS 25

CVSS 37.5

EPSS0.1091

SSVC