CVE-2017-5651

Published: 17 Apr. 2017
Source: debian
EPSS: Low

Description

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

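Packages

| Package | Status | Fix version | Release | Type |
|---------|--------|-------------|---------|------|
| tomcat9 | not-affected | | | package |
| tomcat8 | fixed | 8.5.11-2 | | package |
| tomcat8 | not-affected | | jessie | package |

Notes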

  • https://www.openwall.com/lists/oss-security/2017/04/10/21

  • Fixed by: http://svn.apache.org/r1788546 (8.5.x)

EPSS

Percentile: 90%
0.05572
Low

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 8 years ago

CVSS3: 7.5
redhat
more than 8 years ago

CVSS3: 9.8
nvd
more than 8 years ago

CVSS3: 9.8
github
about 3 years ago

Expected Behavior Violation in Apache Tomcat

fstec
more than 8 years ago

Apache Tomcat application server vulnerability that allows an attacker to obtain confidential information