ID de Prueba:	1.3.6.1.4.1.25623.1.0.813722
Categoría:	Web Servers
Título:	Apache Tomcat 'NIO/NIO2' Connectors Information Disclosure Vulnerability - Windows
Resumen:	Apache Tomcat is prone to an information disclosure vulnerability.
Descripción:	Summary: Apache Tomcat is prone to an information disclosure vulnerability. Vulnerability Insight: The flaw exists due to an error where a mishandling of close in 'NIO/NIO2' connectors, user sessions can get mixed up. Vulnerability Impact: Successful exploitation can allow an attacker to reuse user sessions in a new connection. Affected Software/OS: Apache Tomcat 9.0.0.M9 to 9.0.9 Apache Tomcat 8.5.5 to 8.5.31 on Windows. Solution: Upgrade to Apache Tomcat version 9.0.10, 8.5.32 or later. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2018-8037 BugTraq ID: 104894 http://www.securityfocus.com/bid/104894 Debian Security Information: DSA-4281 (Google Search) https://www.debian.org/security/2018/dsa-4281 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/e85e83e9954f169bbb77b44baae5a33d8de878df557bb32b7f793661@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/1dd0a59c1295cc08ce4c9e7edae5ad2268acc9ba55adcefa0532e5ba@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r6ccee4e849bc77df0840c7f853f6bd09d426f6741247da2b7429d5d9@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/raba0fabaf4d56d4325ab2aca8814f0b30a237ab83d8106b115ee279a@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/2ee3af8a43cb019e7898c9330cc8e73306553a27f2e4735dfb522d39@%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/5d15316dfb4adf75d96d394745f8037533fa3bcc1ac8f619bf5c044c@%3Cusers.tomcat.apache.org%3E http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180722090623.GA92700%40minotaur.apache.org%3E http://mail-archives.us.apache.org/mod_mbox/www-announce/201808.mbox/%3C0c616b4d-4e81-e7f8-b81d-1bb4c575aa33%40apache.org%3E RedHat Security Advisories: RHSA-2018:2867 https://access.redhat.com/errata/RHSA-2018:2867 RedHat Security Advisories: RHSA-2018:2868 https://access.redhat.com/errata/RHSA-2018:2868 RedHat Security Advisories: RHSA-2019:1529 https://access.redhat.com/errata/RHSA-2019:1529 http://www.securitytracker.com/id/1041376
Copyright	Copyright (C) 2018 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.