CVE-2016-8747 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2016-8747 Interim 1 11 2025-11-05T04:17:27Z current 2021-05-30T13:47:08Z 2025-11-05T04:17:27Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2016-8747 An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12-LTSS tomcat tomcat-admin-webapps tomcat-docs-webapp tomcat-el-2_2-api tomcat-el-3_0-api tomcat-javadoc tomcat-jsp-2_2-api tomcat-jsp-2_3-api tomcat-lib tomcat-servlet-3_0-api tomcat-servlet-3_1-api tomcat-webapps tomcat as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-el-3_0-api as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-javadoc as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-jsp-2_3-api as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-lib as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-servlet-3_1-api as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-webapps as a component of SUSE Linux Enterprise Server 12 SP1 tomcat as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-el-3_0-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-javadoc as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-jsp-2_3-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-lib as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-servlet-3_1-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-webapps as a component of SUSE Linux Enterprise Server 12 SP2 tomcat as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-el-2_2-api as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-javadoc as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-jsp-2_2-api as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-lib as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-servlet-3_0-api as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-webapps as a component of SUSE Linux Enterprise Server 12-LTSS An information disclosure issue was discovered in Apache Tomcat 8.5.7 to 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations. Http11InputBuffer.java allows remote attackers to read data that was intended to be associated with a different request. CVE-2016-8747 SUSE Linux Enterprise Server 12 SP1:tomcat SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api SUSE Linux Enterprise Server 12 SP1:tomcat-lib SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api SUSE Linux Enterprise Server 12 SP1:tomcat-webapps SUSE Linux Enterprise Server 12 SP2:tomcat SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api SUSE Linux Enterprise Server 12 SP2:tomcat-lib SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api SUSE Linux Enterprise Server 12 SP2:tomcat-webapps SUSE Linux Enterprise Server 12-LTSS:tomcat SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api SUSE Linux Enterprise Server 12-LTSS:tomcat-lib SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N