CVE-2018-8037 Information
Description
If an async request was completed by the application at the same time as the container triggered the async timeout a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present in the NIO and NIO2 connectors that did not correctly track the closure of the connection when an async request was completed by the application and timed out by the container at the same time. This could also result in a user seeing a response intended for another user. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.9 and 8.5.5 to 8.5.31.
CVSS Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/3C20180722090623.GA9270040minotaur.apache.org3E http://mail-archives.us.apache.org/mod_mbox/www-announce/201808.mbox/3C0c616b4d-4e81-e7f8-b81d-1bb4c575aa3340apache.org3E http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/104894 http://www.securitytracker.com/id/1041376 https://access.redhat.com/errata/RHSA-2018:2867 https://access.redhat.com/errata/RHSA-2018:2868 https://access.redhat.com/errata/RHSA-2019:1529 https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/2ee3af8a43cb019e7898c9330cc8e73306553a27f2e4735dfb522d39@3Cusers.tomcat.apache.org3E https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/5d15316dfb4adf75d96d394745f8037533fa3bcc1ac8f619bf5c044c@3Cusers.tomcat.apache.org3E https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@3Cdev.tomcat.apache.org3E https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@3Cdev.tomcat.apache.org3E https://security.netapp.com/advisory/ntap-20180817-0001/ https://www.debian.org/security/2018/dsa-4281 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
5.9
Share on: