A bug in the error handling of the send file code for the NIO HTTP connector in Apache Tomcat 9.0.0.M1 to 9.0.0.M13, 8.5.0 to 8.5.8, 8.0.0.RC1 to 8.0.39, 7.0.0 to 7.0.73 and 6.0.16 to 6.0.48 resulted in the current Processor object being added to the Processor cache multiple times. This in turn meant that the same Processor could be used for concurrent requests. Sharing a Processor can result in information leakage between requests including, not not limited to, session ID and the response body. The bug was first noticed in 8.5.x onwards where it appears the refactoring of the Connector code for 8.5.x onwards made it more likely that the bug was observed. Initially it was thought that the 8.5.x refactoring introduced the bug but further investigation has shown that the bug is present in all currently supported Tomcat versions.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Tomcat | Apache | 7.0.0 (including) | 7.0.0 (including) |
| Tomcat | Apache | 7.0.1 (including) | 7.0.1 (including) |
| Tomcat | Apache | 7.0.2 (including) | 7.0.2 (including) |
| Tomcat | Apache | 7.0.3 (including) | 7.0.3 (including) |
| Tomcat | Apache | 7.0.4 (including) | 7.0.4 (including) |
| Tomcat | Apache | 7.0.5 (including) | 7.0.5 (including) |
| Tomcat | Apache | 7.0.6 (including) | 7.0.6 (including) |
| Tomcat | Apache | 7.0.7 (including) | 7.0.7 (including) |
| Tomcat | Apache | 7.0.8 (including) | 7.0.8 (including) |
| Tomcat | Apache | 7.0.9 (including) | 7.0.9 (including) |
| Tomcat | Apache | 7.0.11 (including) | 7.0.11 (including) |
| Tomcat | Apache | 7.0.12 (including) | 7.0.12 (including) |
| Tomcat | Apache | 7.0.13 (including) | 7.0.13 (including) |
| Tomcat | Apache | 7.0.14 (including) | 7.0.14 (including) |
| Tomcat | Apache | 7.0.15 (including) | 7.0.15 (including) |
| Tomcat | Apache | 7.0.16 (including) | 7.0.16 (including) |
| Tomcat | Apache | 7.0.17 (including) | 7.0.17 (including) |
| Tomcat | Apache | 7.0.18 (including) | 7.0.18 (including) |
| Tomcat | Apache | 7.0.19 (including) | 7.0.19 (including) |
| Tomcat | Apache | 7.0.20 (including) | 7.0.20 (including) |
| Tomcat | Apache | 7.0.21 (including) | 7.0.21 (including) |
| Tomcat | Apache | 7.0.22 (including) | 7.0.22 (including) |
| Tomcat | Apache | 7.0.23 (including) | 7.0.23 (including) |
| Tomcat | Apache | 7.0.24 (including) | 7.0.24 (including) |
| Tomcat | Apache | 7.0.25 (including) | 7.0.25 (including) |
| Tomcat | Apache | 7.0.26 (including) | 7.0.26 (including) |
| Tomcat | Apache | 7.0.27 (including) | 7.0.27 (including) |
| Tomcat | Apache | 7.0.28 (including) | 7.0.28 (including) |
| Tomcat | Apache | 7.0.29 (including) | 7.0.29 (including) |
| Tomcat | Apache | 7.0.30 (including) | 7.0.30 (including) |
| Tomcat | Apache | 7.0.31 (including) | 7.0.31 (including) |
| Tomcat | Apache | 7.0.32 (including) | 7.0.32 (including) |
| Tomcat | Apache | 7.0.33 (including) | 7.0.33 (including) |
| Tomcat | Apache | 7.0.34 (including) | 7.0.34 (including) |
| Tomcat | Apache | 7.0.35 (including) | 7.0.35 (including) |
| Tomcat | Apache | 7.0.36 (including) | 7.0.36 (including) |
| Tomcat | Apache | 7.0.37 (including) | 7.0.37 (including) |
| Tomcat | Apache | 7.0.38 (including) | 7.0.38 (including) |
| Tomcat | Apache | 7.0.39 (including) | 7.0.39 (including) |
| Tomcat | Apache | 7.0.40 (including) | 7.0.40 (including) |
| Tomcat | Apache | 7.0.41 (including) | 7.0.41 (including) |
| Tomcat | Apache | 7.0.42 (including) | 7.0.42 (including) |
| Tomcat | Apache | 7.0.43 (including) | 7.0.43 (including) |
| Tomcat | Apache | 7.0.44 (including) | 7.0.44 (including) |
| Tomcat | Apache | 7.0.45 (including) | 7.0.45 (including) |
| Tomcat | Apache | 7.0.46 (including) | 7.0.46 (including) |
| Tomcat | Apache | 7.0.47 (including) | 7.0.47 (including) |
| Tomcat | Apache | 7.0.48 (including) | 7.0.48 (including) |
| Tomcat | Apache | 7.0.49 (including) | 7.0.49 (including) |
| Tomcat | Apache | 7.0.50 (including) | 7.0.50 (including) |
| Tomcat | Apache | 7.0.52 (including) | 7.0.52 (including) |
| Tomcat | Apache | 7.0.53 (including) | 7.0.53 (including) |
| Tomcat | Apache | 7.0.54 (including) | 7.0.54 (including) |
| Tomcat | Apache | 7.0.55 (including) | 7.0.55 (including) |
| Tomcat | Apache | 7.0.56 (including) | 7.0.56 (including) |
| Tomcat | Apache | 7.0.57 (including) | 7.0.57 (including) |
| Tomcat | Apache | 7.0.58 (including) | 7.0.58 (including) |
| Tomcat | Apache | 7.0.59 (including) | 7.0.59 (including) |
| Tomcat | Apache | 7.0.60 (including) | 7.0.60 (including) |
| Tomcat | Apache | 7.0.61 (including) | 7.0.61 (including) |
| Tomcat | Apache | 7.0.62 (including) | 7.0.62 (including) |
| Tomcat | Apache | 7.0.63 (including) | 7.0.63 (including) |
| Tomcat | Apache | 7.0.64 (including) | 7.0.64 (including) |
| Tomcat | Apache | 7.0.65 (including) | 7.0.65 (including) |
| Tomcat | Apache | 7.0.66 (including) | 7.0.66 (including) |
| Tomcat | Apache | 7.0.67 (including) | 7.0.67 (including) |
| Tomcat | Apache | 7.0.68 (including) | 7.0.68 (including) |
| Tomcat | Apache | 7.0.69 (including) | 7.0.69 (including) |
| Tomcat | Apache | 7.0.70 (including) | 7.0.70 (including) |
| Tomcat | Apache | 7.0.71 (including) | 7.0.71 (including) |
| Tomcat | Apache | 7.0.72 (including) | 7.0.72 (including) |
| Tomcat | Apache | 7.0.73 (including) | 7.0.73 (including) |
| Tomcat | Apache | 8.0 (including) | 8.0 (including) |
| Tomcat | Apache | 8.0.0-rc1 (including) | 8.0.0-rc1 (including) |
| Tomcat | Apache | 8.0.0-rc10 (including) | 8.0.0-rc10 (including) |
| Tomcat | Apache | 8.0.0-rc3 (including) | 8.0.0-rc3 (including) |
| Tomcat | Apache | 8.0.0-rc5 (including) | 8.0.0-rc5 (including) |
| Tomcat | Apache | 8.0.1 (including) | 8.0.1 (including) |
| Tomcat | Apache | 8.0.2 (including) | 8.0.2 (including) |
| Tomcat | Apache | 8.0.3 (including) | 8.0.3 (including) |
| Tomcat | Apache | 8.0.4 (including) | 8.0.4 (including) |
| Tomcat | Apache | 8.0.5 (including) | 8.0.5 (including) |
| Tomcat | Apache | 8.0.6 (including) | 8.0.6 (including) |
| Tomcat | Apache | 8.0.7 (including) | 8.0.7 (including) |
| Tomcat | Apache | 8.0.8 (including) | 8.0.8 (including) |
| Tomcat | Apache | 8.0.9 (including) | 8.0.9 (including) |
| Tomcat | Apache | 8.0.10 (including) | 8.0.10 (including) |
| Tomcat | Apache | 8.0.11 (including) | 8.0.11 (including) |
| Tomcat | Apache | 8.0.12 (including) | 8.0.12 (including) |
| Tomcat | Apache | 8.0.13 (including) | 8.0.13 (including) |
| Tomcat | Apache | 8.0.14 (including) | 8.0.14 (including) |
| Tomcat | Apache | 8.0.15 (including) | 8.0.15 (including) |
| Tomcat | Apache | 8.0.16 (including) | 8.0.16 (including) |
| Tomcat | Apache | 8.0.17 (including) | 8.0.17 (including) |
| Tomcat | Apache | 8.0.18 (including) | 8.0.18 (including) |
| Tomcat | Apache | 8.0.19 (including) | 8.0.19 (including) |
| Tomcat | Apache | 8.0.20 (including) | 8.0.20 (including) |
| Tomcat | Apache | 8.0.21 (including) | 8.0.21 (including) |
| Tomcat | Apache | 8.0.22 (including) | 8.0.22 (including) |
| Tomcat | Apache | 8.0.23 (including) | 8.0.23 (including) |
| Tomcat | Apache | 8.0.24 (including) | 8.0.24 (including) |
| Tomcat | Apache | 8.0.25 (including) | 8.0.25 (including) |
| Tomcat | Apache | 8.0.26 (including) | 8.0.26 (including) |
| Tomcat | Apache | 8.0.27 (including) | 8.0.27 (including) |
| Tomcat | Apache | 8.0.28 (including) | 8.0.28 (including) |
| Tomcat | Apache | 8.0.29 (including) | 8.0.29 (including) |
| Tomcat | Apache | 8.0.30 (including) | 8.0.30 (including) |
| Tomcat | Apache | 8.0.31 (including) | 8.0.31 (including) |
| Tomcat | Apache | 8.0.32 (including) | 8.0.32 (including) |
| Tomcat | Apache | 8.0.33 (including) | 8.0.33 (including) |
| Tomcat | Apache | 8.0.34 (including) | 8.0.34 (including) |
| Tomcat | Apache | 8.0.35 (including) | 8.0.35 (including) |
| Tomcat | Apache | 8.0.36 (including) | 8.0.36 (including) |
| Tomcat | Apache | 8.0.37 (including) | 8.0.37 (including) |
| Tomcat | Apache | 8.0.38 (including) | 8.0.38 (including) |
| Tomcat | Apache | 8.0.39 (including) | 8.0.39 (including) |
| Tomcat | Apache | 8.5.0 (including) | 8.5.0 (including) |
| Tomcat | Apache | 8.5.1 (including) | 8.5.1 (including) |
| Tomcat | Apache | 8.5.2 (including) | 8.5.2 (including) |
| Tomcat | Apache | 8.5.3 (including) | 8.5.3 (including) |
| Tomcat | Apache | 8.5.4 (including) | 8.5.4 (including) |
| Tomcat | Apache | 8.5.5 (including) | 8.5.5 (including) |
| Tomcat | Apache | 8.5.6 (including) | 8.5.6 (including) |
| Tomcat | Apache | 8.5.7 (including) | 8.5.7 (including) |
| Tomcat | Apache | 8.5.8 (including) | 8.5.8 (including) |
| Tomcat | Apache | 9.0.0-milestone1 (including) | 9.0.0-milestone1 (including) |
| Tomcat | Apache | 9.0.0-milestone10 (including) | 9.0.0-milestone10 (including) |
| Tomcat | Apache | 9.0.0-milestone11 (including) | 9.0.0-milestone11 (including) |
| Tomcat | Apache | 9.0.0-milestone12 (including) | 9.0.0-milestone12 (including) |
| Tomcat | Apache | 9.0.0-milestone13 (including) | 9.0.0-milestone13 (including) |
| Tomcat | Apache | 9.0.0-milestone2 (including) | 9.0.0-milestone2 (including) |
| Tomcat | Apache | 9.0.0-milestone3 (including) | 9.0.0-milestone3 (including) |
| Tomcat | Apache | 9.0.0-milestone4 (including) | 9.0.0-milestone4 (including) |
| Tomcat | Apache | 9.0.0-milestone5 (including) | 9.0.0-milestone5 (including) |
| Tomcat | Apache | 9.0.0-milestone6 (including) | 9.0.0-milestone6 (including) |
| Tomcat | Apache | 9.0.0-milestone7 (including) | 9.0.0-milestone7 (including) |
| Tomcat | Apache | 9.0.0-milestone8 (including) | 9.0.0-milestone8 (including) |
| Tomcat | Apache | 9.0.0-milestone9 (including) | 9.0.0-milestone9 (including) |