The Apache Software Foundation (ASF) has released security updates to address several vulnerabilities in its Tomcat application server, one of which could allow a remote attacker to obtain sensitive information.
Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications like Java Servlet, JavaServer Pages (JSP), Expression Language, and WebSocket, and provides a “pure Java” HTTP web server environment for Java concept to run in.
Unlike Apache Struts2 vulnerabilities exploited to breach the systems of America credit reportingagency Equifax late last year, new Apache Tomcat vulnerabilities are less likely to be exploited in the wild.
Apache Tomcat — Information Disclosure Vulnerability
The more critical flaw (CVE-2018-8037) of all in Apache Tomcat is an information disclosure vulnerability caused due to a bug in the tracking of connection closures which can lead to reuse of user sessions in a new connection.
images from Hacker News