Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-8037

Опубликовано: 22 июл. 2018
Источник: redhat
CVSS3: 9.1

Описание

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat BPM Suite 6tomcatNot affected
Red Hat Enterprise Linux 6tomcat6Not affected
Red Hat Enterprise Linux 7tomcatNot affected
Red Hat Fuse 7tomcatNot affected
Red Hat JBoss BRMS 5jbosswebNot affected
Red Hat JBoss BRMS 6tomcatNot affected
Red Hat JBoss Data Grid 6jbosswebNot affected
Red Hat JBoss Data Grid 7tomcatNot affected
Red Hat JBoss Data Virtualization 6jbosswebNot affected
Red Hat JBoss Enterprise Application Platform 5jbosswebNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=1607582tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up

9.1 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-8037

CVSS3: 5.9
ubuntu
почти 7 лет назад

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.

nvd логотип

CVE-2018-8037

CVSS3: 5.9
nvd
почти 7 лет назад

If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.

debian логотип

CVE-2018-8037

CVSS3: 5.9
debian
почти 7 лет назад

If an async request was completed by the application at the same time ...

github логотип

GHSA-6v52-mj5r-7j2m

CVSS3: 5.9
github
больше 6 лет назад

Apache Tomcat Race Condition vulnerability

fstec логотип

BDU:2019-04412

CVSS3: 5.9
fstec
почти 7 лет назад

Уязвимость сервера приложений Apache Tomcat, вызванная ошибками синхронизации при использовании общего ресурса, позволяющая нарушителю раскрыть защищаемую информацию

9.1 Critical

CVSS3