You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2016/12/12 09:38:50 UTC
svn commit: r1773755 - in /tomcat/site/trunk: docs/security-8.html
docs/security-9.html xdocs/security-8.xml xdocs/security-9.xml
Author: markt
Date: Mon Dec 12 09:38:50 2016
New Revision: 1773755
URL: http://svn.apache.org/viewvc?rev=1773755&view=rev
Log:
Add info for CVE-2016-8745
Modified:
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml
Modified: tomcat/site/trunk/docs/security-8.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1773755&r1=1773754&r2=1773755&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Mon Dec 12 09:38:50 2016
@@ -219,6 +219,9 @@
<a href="#Apache_Tomcat_8.x_vulnerabilities">Apache Tomcat 8.x vulnerabilities</a>
</li>
<li>
+<a href="#Fixed_in_Apache_Tomcat_8.5.9">Fixed in Apache Tomcat 8.5.9</a>
+</li>
+<li>
<a href="#Fixed_in_Apache_Tomcat_8.0.39">Fixed in Apache Tomcat 8.0.39</a>
</li>
<li>
@@ -312,6 +315,38 @@
</div>
+<h3 id="Fixed_in_Apache_Tomcat_8.5.9">
+<span style="float: right;">8 December 2016</span> Fixed in Apache Tomcat 8.5.9</h3>
+<div class="text">
+
+
+<p>
+<strong>Important: Information Disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745" rel="nofollow">CVE-2016-8745</a>
+</p>
+
+
+<p>The refactoring of the Connector code for 8.5.x onwards introduced a
+ regression in the error handling of the send file code for the NIO HTTP
+ connector. An error during send file processing resulted in the current
+ Processor object being added to the Processor cache multiple times. This
+ in turn meant that the same Processor could be used for concurrent
+ requests. Sharing a Processor can result in information leakage between
+ requests including, not not limited to, session ID and the response body.
+ </p>
+
+
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1771857">1771857</a>.</p>
+
+
+<p>This issue was identified by the Apache Tomcat Security Team on 8 December
+ 2016 and made public on 12 December 2016.</p>
+
+
+<p>Affects: 8.5.0 to 8.5.8</p>
+
+
+</div>
<h3 id="Fixed_in_Apache_Tomcat_8.0.39">
<span style="float: right;">14 November 2016</span> Fixed in Apache Tomcat 8.0.39</h3>
<div class="text">
Modified: tomcat/site/trunk/docs/security-9.html
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1773755&r1=1773754&r2=1773755&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Mon Dec 12 09:38:50 2016
@@ -219,6 +219,9 @@
<a href="#Apache_Tomcat_9.x_vulnerabilities">Apache Tomcat 9.x vulnerabilities</a>
</li>
<li>
+<a href="#Fixed_in_Apache_Tomcat_9.0.0.M15">Fixed in Apache Tomcat 9.0.0.M15</a>
+</li>
+<li>
<a href="#Fixed_in_Apache_Tomcat_9.0.0.M13">Fixed in Apache Tomcat 9.0.0.M13</a>
</li>
<li>
@@ -279,6 +282,47 @@
</div>
+<h3 id="Fixed_in_Apache_Tomcat_9.0.0.M15">
+<span style="float: right;">8 December 2016</span> Fixed in Apache Tomcat 9.0.0.M15</h3>
+<div class="text">
+
+
+<p>
+<i>Note: The issue below was fixed in Apache Tomcat 9.0.0.M14 but the
+ release vote for the 9.0.0.M14 release candidate did not pass. Therefore,
+ although users must download 9.0.0.M15 to obtain a version that includes
+ the fix for this issue, version 9.0.0.M14 is not included in the list of
+ affected versions.</i>
+</p>
+
+
+<p>
+<strong>Important: Information Disclosure</strong>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8745" rel="nofollow">CVE-2016-8745</a>
+</p>
+
+
+<p>The refactoring of the Connector code for 8.5.x onwards introduced a
+ regression in the error handling of the send file code for the NIO HTTP
+ connector. An error during send file processing resulted in the current
+ Processor object being added to the Processor cache multiple times. This
+ in turn meant that the same Processor could be used for concurrent
+ requests. Sharing a Processor can result in information leakage between
+ requests including, not not limited to, session ID and the response body.
+ </p>
+
+
+<p>This was fixed in revision <a href="http://svn.apache.org/viewvc?view=rev&rev=1771853">1771853</a>.</p>
+
+
+<p>This issue was identified by the Apache Tomcat Security Team on 8 December
+ 2016 and made public on 12 December 2016.</p>
+
+
+<p>Affects: 9.0.0.M1 to 9.0.0.M13</p>
+
+
+</div>
<h3 id="Fixed_in_Apache_Tomcat_9.0.0.M13">
<span style="float: right;">8 November 2016</span> Fixed in Apache Tomcat 9.0.0.M13</h3>
<div class="text">
Modified: tomcat/site/trunk/xdocs/security-8.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1773755&r1=1773754&r2=1773755&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Mon Dec 12 09:38:50 2016
@@ -50,6 +50,29 @@
</section>
+ <section name="Fixed in Apache Tomcat 8.5.9" rtext="8 December 2016">
+
+ <p><strong>Important: Information Disclosure</strong>
+ <cve>CVE-2016-8745</cve></p>
+
+ <p>The refactoring of the Connector code for 8.5.x onwards introduced a
+ regression in the error handling of the send file code for the NIO HTTP
+ connector. An error during send file processing resulted in the current
+ Processor object being added to the Processor cache multiple times. This
+ in turn meant that the same Processor could be used for concurrent
+ requests. Sharing a Processor can result in information leakage between
+ requests including, not not limited to, session ID and the response body.
+ </p>
+
+ <p>This was fixed in revision <revlink rev="1771857">1771857</revlink>.</p>
+
+ <p>This issue was identified by the Apache Tomcat Security Team on 8 December
+ 2016 and made public on 12 December 2016.</p>
+
+ <p>Affects: 8.5.0 to 8.5.8</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 8.0.39" rtext="14 November 2016">
<p><strong>Important: Remote Code Execution</strong>
Modified: tomcat/site/trunk/xdocs/security-9.xml
URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-9.xml?rev=1773755&r1=1773754&r2=1773755&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-9.xml (original)
+++ tomcat/site/trunk/xdocs/security-9.xml Mon Dec 12 09:38:50 2016
@@ -50,6 +50,35 @@
</section>
+ <section name="Fixed in Apache Tomcat 9.0.0.M15" rtext="8 December 2016">
+
+ <p><i>Note: The issue below was fixed in Apache Tomcat 9.0.0.M14 but the
+ release vote for the 9.0.0.M14 release candidate did not pass. Therefore,
+ although users must download 9.0.0.M15 to obtain a version that includes
+ the fix for this issue, version 9.0.0.M14 is not included in the list of
+ affected versions.</i></p>
+
+ <p><strong>Important: Information Disclosure</strong>
+ <cve>CVE-2016-8745</cve></p>
+
+ <p>The refactoring of the Connector code for 8.5.x onwards introduced a
+ regression in the error handling of the send file code for the NIO HTTP
+ connector. An error during send file processing resulted in the current
+ Processor object being added to the Processor cache multiple times. This
+ in turn meant that the same Processor could be used for concurrent
+ requests. Sharing a Processor can result in information leakage between
+ requests including, not not limited to, session ID and the response body.
+ </p>
+
+ <p>This was fixed in revision <revlink rev="1771853">1771853</revlink>.</p>
+
+ <p>This issue was identified by the Apache Tomcat Security Team on 8 December
+ 2016 and made public on 12 December 2016.</p>
+
+ <p>Affects: 9.0.0.M1 to 9.0.0.M13</p>
+
+ </section>
+
<section name="Fixed in Apache Tomcat 9.0.0.M13" rtext="8 November 2016">
<p><i>Note: The issues below were fixed in Apache Tomcat 9.0.0.M12 but the
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org