Endpoint Vulnerability

Apache Tomcat - Moderate: Information Disclosure CVE-2016-8747

Description

The refactoring to make wider use of ByteBuffer introduced a regression that could cause information to leak between requests on the same connection. When running behind a reverse proxy, this could result in information leakage between users. All HTTP connector variants are affected but HTTP/2 and AJP are not affected.

Affected Products

Apache Tomcat

References

CVE-2016-8747,