Candidate: CVE-2016-8747
PublicDate: 2017-03-14 09:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8747
 http://svn.apache.org/r1774166
 http://svn.apache.org/viewvc?view=revision&revision=1774161
 http://svn.apache.org/viewvc?view=revision&revision=1774166
 http://tomcat.apache.org/security-8.html
 http://tomcat.apache.org/security-9.html
Description:
 An information disclosure issue was discovered in Apache Tomcat 8.5.7 to
 8.5.9 and 9.0.0.M11 to 9.0.0.M15 in reverse-proxy configurations.
 Http11InputBuffer.java allows remote attackers to read data that was
 intended to be associated with a different request.
Ubuntu-Description:
Notes:
 ratliff> introduced in r1766968
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_tomcat8:
upstream_tomcat8: released (8.5.9-1)
precise_tomcat8: DNE
trusty_tomcat8: DNE
trusty/esm_tomcat8: DNE
vivid/stable-phone-overlay_tomcat8: DNE
vivid/ubuntu-core_tomcat8: DNE
xenial_tomcat8: not-affected
esm-infra/xenial_tomcat8: not-affected
yakkety_tomcat8: not-affected
devel_tomcat8: not-affected