Vulnerability Details : CVE-2016-8747
An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request.
Vulnerability category: Information leak
Products affected by CVE-2016-8747
- cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
Threat overview for CVE-2016-8747
Top countries where our scanners detected CVE-2016-8747
Top open port discovered on systems with this issue
80
IPs affected by CVE-2016-8747 5,205
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-8747!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-8747
0.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-8747
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST | |
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2024-10-15 |
CWE ids for CVE-2016-8747
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-8747
-
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E
svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/ - Pony Mail
-
http://tomcat.apache.org/security-8.html
Apache Tomcat® - Apache Tomcat 8 vulnerabilitiesRelease Notes;Vendor Advisory
-
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E
Pony Mail!
-
https://security.netapp.com/advisory/ntap-20180614-0002/
CVE-2016-8747 Apache Tomcat Vulnerability in NetApp Products | NetApp Product Security
-
http://svn.apache.org/viewvc?view=revision&revision=1774166
[Apache-SVN] Revision 1774166Issue Tracking;Patch;Vendor Advisory
-
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E
svn commit: r1873980 [29/34] - /tomcat/site/trunk/docs/ - Pony Mail
-
https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E
svn commit: r1873527 [25/30] - /tomcat/site/trunk/docs/ - Pony Mail
-
http://svn.apache.org/viewvc?view=revision&revision=1774161
[Apache-SVN] Revision 1774161Issue Tracking;Patch;Vendor Advisory
-
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
http://tomcat.apache.org/security-9.html
Apache Tomcat® - Apache Tomcat 9 vulnerabilitiesRelease Notes;Vendor Advisory
-
https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
http://www.securityfocus.com/bid/96895
Apache Tomcat CVE-2016-8747 Information Disclosure Vulnerability
-
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E
svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/ - Pony Mail
-
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
Apache Mail Archives
-
https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E
svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/ - Pony Mail
Jump to