Apache Tomcat is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in further attacks.
The following versions are affected:
Apache Tomcat 9.0.0.M1 through 9.0.0.M18
Apache Tomcat 8.5.0 through 8.5.12
Apache Tomcat 8.0.x
Information
Apache Tomcat 8.5.11
Apache Tomcat 8.5.9
Apache Tomcat 8.5.8
Apache Tomcat 8.5.7
Apache Tomcat 8.5.6
Apache Tomcat 8.5.5
Apache Tomcat 8.5.4
Apache Tomcat 8.5.1
Apache Tomcat 8.0.42
Apache Tomcat 8.0.41
Apache Tomcat 8.0.40
Apache Tomcat 8.0.39
Apache Tomcat 8.0.38
Apache Tomcat 8.0.37
Apache Tomcat 8.0.36
Apache Tomcat 8.0.35
Apache Tomcat 8.0.34
Apache Tomcat 8.0.33
Apache Tomcat 8.0.30
Apache Tomcat 8.0.27
Apache Tomcat 8.0.19
Apache Tomcat 8.0.17
Apache Tomcat 8.0.15
Apache Tomcat 8.0.8
Apache Tomcat 8.0.5
Apache Tomcat 8.0.3
Apache Tomcat 8.0.1
Apache Tomcat 9.0.0M8
Apache Tomcat 9.0.0M6
Apache Tomcat 9.0.0.M9
Apache Tomcat 9.0.0.M7
Apache Tomcat 9.0.0.M5
Apache Tomcat 9.0.0.M4
Apache Tomcat 9.0.0.M3
Apache Tomcat 9.0.0.M2
Apache Tomcat 9.0.0.M18
Apache Tomcat 9.0.0.M17
Apache Tomcat 9.0.0.M15
Apache Tomcat 9.0.0.M13
Apache Tomcat 9.0.0.M12
Apache Tomcat 9.0.0.M11
Apache Tomcat 9.0.0.M10
Apache Tomcat 9.0.0.M1
Apache Tomcat 8.5.3
Apache Tomcat 8.5.2
Apache Tomcat 8.5.0
Apache Tomcat 8.0.9
Apache Tomcat 8.0.32
Apache Tomcat 8.0.0.RC1
Apache Tomcat 8.0.0-RC6
Apache Tomcat 8.0.0-RC5
Apache Tomcat 8.0.0-RC3
Apache Tomcat 8.0.0-RC10
Apache Tomcat 8.0.0-RC1
Apache Tomcat 8.0.0 Rc5
Apache Tomcat 8.0.0 Rc2
Apache Tomcat 8.0.0 Rc10
Apache Tomcat 8.0.0 Rc1
Apache Tomcat 9.0.0.M19
References:
- [SECURITY] CVE-2017-5651 Apache Tomcat Information Disclosure (Mark Thomas)
- Apache Homepage (Apache)
- Apache Tomcat 8.x vulnerabilities (Apache)
- Apache Tomcat 9.x vulnerabilities (Apache)
- Bug 60918 - Process Send File releases the same Http11Processor in two threads, (ASF Bugzilla)