How severe is CVE-2016-8745?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2016-8745?

This is classified as CWE-388, which is a common weakness in software security.

CVE-2016-8745

HIGH Year: 2016

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-388

View all →

Vulnerability Description

A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.

CVE-2016-1480

HIGH

CVSS:7.5(High)

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthe...

CWE-3882016

CVE-2016-6357

HIGH

CVSS:7.5(High)

A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass...

CWE-3882016

CVE-2016-7991

HIGH

CVSS:7.5(High)

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and h...

CWE-3882016

CVE-2023-20227

HIGH

CVSS:7.5(High)

A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected de...

CWE-3882023

CVE-2020-3512

HIGH

CVSS:7.4(High)

A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a c...

CWE-3882020

CVE-2017-17564

HIGH

CVSS:7.8(High)

An issue was discovered in Xen through 4.9.x allowing guest OS users to cause a denial of service (host OS crash) or gain host OS privileges by leveraging incorrect error handling for reference counti...

CWE-3882017

CVE-2016-8745

Vulnerability Description

Related Vulnerabilities

CVE-2016-1480

CVE-2016-6357

CVE-2016-7991

CVE-2023-20227

CVE-2020-3512

CVE-2017-17564