
exploitDog


CVE-2017-5647

Published: 17 Apr 2017
Source: debian
EPSS: Low

Description

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

Packages

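| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| tomcat9 | not-affected | | | package |
| tomcat8 | fixed | 8.5.11-2 | | package |
| tomcat7 | fixed | 7.0.72-3 | | package |
| tomcat6 | fixed | 6.0.41-3 | | package |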

Notes

  • Since 7.0.72-3, src:tomcat7 only builds the Servlet API

  • Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie

  • https://www.openwall.com/lists/oss-security/2017/04/10/24

  • Fixed by: http://svn.apache.org/r1788932 (8.5.x)

  • Fixed by: http://svn.apache.org/r1788999 (8.0.x)

  • Fixed by: http://svn.apache.org/r1789008 (7.0.x)

  • Fixed by: http://svn.apache.org/r1789024 (6.0.x)

  • Fixed by: http://svn.apache.org/r1789155 (6.0.x)

  • Fixed by: http://svn.apache.org/r1789856 (6.0.x)

EPSS

Percentile: 86%
0.02996
Low

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 8 years ago


CVSS3: 7.5
redhat
about 8 years ago


CVSS3: 7.5
nvd
about 8 years ago


CVSS3: 7.5
github
about 3 years ago

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

suse-cvrf
about 8 years ago

Security update for tomcat
