Lucene search

K
ubuntucveUbuntu.comUB:CVE-2018-8037
HistoryAug 02, 2018 - 12:00 a.m.

CVE-2018-8037

2018-08-0200:00:00
ubuntu.com
ubuntu.com
19

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

75.0%

If an async request was completed by the application at the same time as
the container triggered the async timeout, a race condition existed that
could result in a user seeing a response intended for a different user. An
additional issue was present in the NIO and NIO2 connectors that did not
correctly track the closure of the connection when an async request was
completed by the application and timed out by the container at the same
time. This could also result in a user seeing a response intended for
another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5
to 8.5.31.

Bugs

Notes

Author Note
debian Vulnerable code only present in 8.5.5 to 8.5.31 in 8.x series
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchtomcat8< 8.5.39-1ubuntu1~18.04.1UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.004

Percentile

75.0%