CVE-2016-8745

tomcat: information disclosure due to incorrect Processor sharing

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.

Un fallo en el control de errores del código de envío de archivo para el conector NIO HTTP en Apache Tomcat 9.0.0.M1 a 9.0.0.M13, 8.5.0 a 8.5.8, 8.0.0.RC1 a 8.0.39, 7.0.0 a 7.0.73 y 6.0.16 a 6.0.48 daba lugar a la adición del objeto Processor a la caché Processor varias veces. Esto significa que el mismo Processor podría emplearse para peticiones simultáneas. Compartir un Processor puede desembocar en un filtrado de información entre peticiones incluyendo, pero sin limitarse al ID de sesión y el cuerpo de la respuesta. Este error se detectó por primera vez en las versiones 8.5.x en adelante, donde parece que la refactorización del código Connector para las versiones 8.5.x en adelante aumentaba la posibilidad de que se observase el error. Al principio, se pensó que la refactorización de las versiones 8.5.x introdujo el error, pero investigaciones en mayor profundida han determinado que el error está presente en todas las versiones de Tomcat compatibles actualmente.

A bug was discovered in the error handling of the send file code for the NIO HTTP connector. This led to the current Processor object being added to the Processor cache multiple times allowing information leakage between requests including, and not limited to, session ID and the response body.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2016-10-18 CVE Reserved
2016-12-12 CVE Published
2024-02-04 EPSS Updated
2024-11-14 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-388: 7PK - Errors

CAPEC

References (32)

URL	Tag	Source
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html	X_refsource_confirm
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	X_refsource_confirm
http://www.securityfocus.com/bid/94828	Third Party Advisory
http://www.securitytracker.com/id/1037432	Third Party Advisory
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/4113c05d37f37c12b8033205684f04033c5f7a9bae117d4af23b32b4%40%3Cannounce.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	Mailing List
https://security.netapp.com/advisory/ntap-20180607-0002	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2017-0457.html	2023-12-08
http://rhn.redhat.com/errata/RHSA-2017-0527.html	2023-12-08
http://www.debian.org/security/2017/dsa-3754	2023-12-08
http://www.debian.org/security/2017/dsa-3755	2023-12-08
https://access.redhat.com/errata/RHSA-2017:0455	2023-12-08
https://access.redhat.com/errata/RHSA-2017:0456	2023-12-08
https://access.redhat.com/errata/RHSA-2017:0935	2023-12-08
https://security.gentoo.org/glsa/201705-09	2023-12-08
https://access.redhat.com/security/cve/CVE-2016-8745	2017-04-12
https://bugzilla.redhat.com/show_bug.cgi?id=1403824	2017-04-12

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.0 Search vendor "Apache" for product "Tomcat" and version "7.0.0"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.1 Search vendor "Apache" for product "Tomcat" and version "7.0.1"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.2 Search vendor "Apache" for product "Tomcat" and version "7.0.2"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.3 Search vendor "Apache" for product "Tomcat" and version "7.0.3"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.4 Search vendor "Apache" for product "Tomcat" and version "7.0.4"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.5 Search vendor "Apache" for product "Tomcat" and version "7.0.5"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.6 Search vendor "Apache" for product "Tomcat" and version "7.0.6"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.7 Search vendor "Apache" for product "Tomcat" and version "7.0.7"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.8 Search vendor "Apache" for product "Tomcat" and version "7.0.8"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.9 Search vendor "Apache" for product "Tomcat" and version "7.0.9"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.11 Search vendor "Apache" for product "Tomcat" and version "7.0.11"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.12 Search vendor "Apache" for product "Tomcat" and version "7.0.12"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.13 Search vendor "Apache" for product "Tomcat" and version "7.0.13"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.14 Search vendor "Apache" for product "Tomcat" and version "7.0.14"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.15 Search vendor "Apache" for product "Tomcat" and version "7.0.15"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.16 Search vendor "Apache" for product "Tomcat" and version "7.0.16"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.17 Search vendor "Apache" for product "Tomcat" and version "7.0.17"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.18 Search vendor "Apache" for product "Tomcat" and version "7.0.18"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.19 Search vendor "Apache" for product "Tomcat" and version "7.0.19"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.20 Search vendor "Apache" for product "Tomcat" and version "7.0.20"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.21 Search vendor "Apache" for product "Tomcat" and version "7.0.21"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.22 Search vendor "Apache" for product "Tomcat" and version "7.0.22"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.23 Search vendor "Apache" for product "Tomcat" and version "7.0.23"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.24 Search vendor "Apache" for product "Tomcat" and version "7.0.24"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.25 Search vendor "Apache" for product "Tomcat" and version "7.0.25"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.26 Search vendor "Apache" for product "Tomcat" and version "7.0.26"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.27 Search vendor "Apache" for product "Tomcat" and version "7.0.27"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.28 Search vendor "Apache" for product "Tomcat" and version "7.0.28"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.29 Search vendor "Apache" for product "Tomcat" and version "7.0.29"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.30 Search vendor "Apache" for product "Tomcat" and version "7.0.30"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.31 Search vendor "Apache" for product "Tomcat" and version "7.0.31"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.32 Search vendor "Apache" for product "Tomcat" and version "7.0.32"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.33 Search vendor "Apache" for product "Tomcat" and version "7.0.33"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.34 Search vendor "Apache" for product "Tomcat" and version "7.0.34"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.35 Search vendor "Apache" for product "Tomcat" and version "7.0.35"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.36 Search vendor "Apache" for product "Tomcat" and version "7.0.36"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.37 Search vendor "Apache" for product "Tomcat" and version "7.0.37"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.38 Search vendor "Apache" for product "Tomcat" and version "7.0.38"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.39 Search vendor "Apache" for product "Tomcat" and version "7.0.39"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.40 Search vendor "Apache" for product "Tomcat" and version "7.0.40"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.41 Search vendor "Apache" for product "Tomcat" and version "7.0.41"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.42 Search vendor "Apache" for product "Tomcat" and version "7.0.42"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.43 Search vendor "Apache" for product "Tomcat" and version "7.0.43"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.44 Search vendor "Apache" for product "Tomcat" and version "7.0.44"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.45 Search vendor "Apache" for product "Tomcat" and version "7.0.45"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.46 Search vendor "Apache" for product "Tomcat" and version "7.0.46"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.47 Search vendor "Apache" for product "Tomcat" and version "7.0.47"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.48 Search vendor "Apache" for product "Tomcat" and version "7.0.48"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.49 Search vendor "Apache" for product "Tomcat" and version "7.0.49"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.50 Search vendor "Apache" for product "Tomcat" and version "7.0.50"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.52 Search vendor "Apache" for product "Tomcat" and version "7.0.52"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.53 Search vendor "Apache" for product "Tomcat" and version "7.0.53"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.54 Search vendor "Apache" for product "Tomcat" and version "7.0.54"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.55 Search vendor "Apache" for product "Tomcat" and version "7.0.55"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.56 Search vendor "Apache" for product "Tomcat" and version "7.0.56"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.57 Search vendor "Apache" for product "Tomcat" and version "7.0.57"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.58 Search vendor "Apache" for product "Tomcat" and version "7.0.58"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.59 Search vendor "Apache" for product "Tomcat" and version "7.0.59"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.60 Search vendor "Apache" for product "Tomcat" and version "7.0.60"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.61 Search vendor "Apache" for product "Tomcat" and version "7.0.61"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.62 Search vendor "Apache" for product "Tomcat" and version "7.0.62"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.63 Search vendor "Apache" for product "Tomcat" and version "7.0.63"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.64 Search vendor "Apache" for product "Tomcat" and version "7.0.64"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.65 Search vendor "Apache" for product "Tomcat" and version "7.0.65"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.66 Search vendor "Apache" for product "Tomcat" and version "7.0.66"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.67 Search vendor "Apache" for product "Tomcat" and version "7.0.67"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.68 Search vendor "Apache" for product "Tomcat" and version "7.0.68"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.69 Search vendor "Apache" for product "Tomcat" and version "7.0.69"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.70 Search vendor "Apache" for product "Tomcat" and version "7.0.70"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.71 Search vendor "Apache" for product "Tomcat" and version "7.0.71"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.72 Search vendor "Apache" for product "Tomcat" and version "7.0.72"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				7.0.73 Search vendor "Apache" for product "Tomcat" and version "7.0.73"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0 Search vendor "Apache" for product "Tomcat" and version "8.0"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.0 Search vendor "Apache" for product "Tomcat" and version "8.0.0"		rc1		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.0 Search vendor "Apache" for product "Tomcat" and version "8.0.0"		rc10		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.0 Search vendor "Apache" for product "Tomcat" and version "8.0.0"		rc3		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.0 Search vendor "Apache" for product "Tomcat" and version "8.0.0"		rc5		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.1 Search vendor "Apache" for product "Tomcat" and version "8.0.1"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.2 Search vendor "Apache" for product "Tomcat" and version "8.0.2"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.3 Search vendor "Apache" for product "Tomcat" and version "8.0.3"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.4 Search vendor "Apache" for product "Tomcat" and version "8.0.4"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.5 Search vendor "Apache" for product "Tomcat" and version "8.0.5"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.6 Search vendor "Apache" for product "Tomcat" and version "8.0.6"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.7 Search vendor "Apache" for product "Tomcat" and version "8.0.7"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.8 Search vendor "Apache" for product "Tomcat" and version "8.0.8"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.9 Search vendor "Apache" for product "Tomcat" and version "8.0.9"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.10 Search vendor "Apache" for product "Tomcat" and version "8.0.10"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.11 Search vendor "Apache" for product "Tomcat" and version "8.0.11"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.12 Search vendor "Apache" for product "Tomcat" and version "8.0.12"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.13 Search vendor "Apache" for product "Tomcat" and version "8.0.13"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.14 Search vendor "Apache" for product "Tomcat" and version "8.0.14"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.15 Search vendor "Apache" for product "Tomcat" and version "8.0.15"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.16 Search vendor "Apache" for product "Tomcat" and version "8.0.16"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.17 Search vendor "Apache" for product "Tomcat" and version "8.0.17"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.18 Search vendor "Apache" for product "Tomcat" and version "8.0.18"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.19 Search vendor "Apache" for product "Tomcat" and version "8.0.19"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.20 Search vendor "Apache" for product "Tomcat" and version "8.0.20"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.21 Search vendor "Apache" for product "Tomcat" and version "8.0.21"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.22 Search vendor "Apache" for product "Tomcat" and version "8.0.22"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.23 Search vendor "Apache" for product "Tomcat" and version "8.0.23"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.24 Search vendor "Apache" for product "Tomcat" and version "8.0.24"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.25 Search vendor "Apache" for product "Tomcat" and version "8.0.25"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.26 Search vendor "Apache" for product "Tomcat" and version "8.0.26"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.27 Search vendor "Apache" for product "Tomcat" and version "8.0.27"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.28 Search vendor "Apache" for product "Tomcat" and version "8.0.28"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.29 Search vendor "Apache" for product "Tomcat" and version "8.0.29"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.30 Search vendor "Apache" for product "Tomcat" and version "8.0.30"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.31 Search vendor "Apache" for product "Tomcat" and version "8.0.31"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.32 Search vendor "Apache" for product "Tomcat" and version "8.0.32"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.33 Search vendor "Apache" for product "Tomcat" and version "8.0.33"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.34 Search vendor "Apache" for product "Tomcat" and version "8.0.34"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.35 Search vendor "Apache" for product "Tomcat" and version "8.0.35"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.36 Search vendor "Apache" for product "Tomcat" and version "8.0.36"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.37 Search vendor "Apache" for product "Tomcat" and version "8.0.37"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.38 Search vendor "Apache" for product "Tomcat" and version "8.0.38"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.0.39 Search vendor "Apache" for product "Tomcat" and version "8.0.39"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.5.0 Search vendor "Apache" for product "Tomcat" and version "8.5.0"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.5.1 Search vendor "Apache" for product "Tomcat" and version "8.5.1"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.5.2 Search vendor "Apache" for product "Tomcat" and version "8.5.2"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.5.3 Search vendor "Apache" for product "Tomcat" and version "8.5.3"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.5.4 Search vendor "Apache" for product "Tomcat" and version "8.5.4"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.5.5 Search vendor "Apache" for product "Tomcat" and version "8.5.5"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.5.6 Search vendor "Apache" for product "Tomcat" and version "8.5.6"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.5.7 Search vendor "Apache" for product "Tomcat" and version "8.5.7"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				8.5.8 Search vendor "Apache" for product "Tomcat" and version "8.5.8"		-		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone1		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone10		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone11		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone12		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone13		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone2		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone3		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone4		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone5		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone6		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone7		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone8		Affected
Apache Search vendor "Apache"		Tomcat Search vendor "Apache" for product "Tomcat"				9.0.0 Search vendor "Apache" for product "Tomcat" and version "9.0.0"		milestone9		Affected