exploitDog

GHSA-3gv7-3h64-78cm

Опубликовано: 14 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.5

Описание

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

Ссылки

Пакеты

Наименование

org.apache.tomcat:tomcat

maven

Затронутые версииВерсия исправления

>= 9.0.0.M1, <= 9.0.0.M18

9.0.0.M19

Наименование

org.apache.tomcat:tomcat

maven

Затронутые версииВерсия исправления

>= 8.5.0, <= 8.5.12

8.5.13

Наименование

org.apache.tomcat:tomcat

maven

Затронутые версииВерсия исправления

>= 8.0.0, <= 8.0.42

8.0.43

Наименование

org.apache.tomcat:tomcat

maven

Затронутые версииВерсия исправления

>= 7.0.0, <= 7.0.76

7.0.77

Наименование

org.apache.tomcat:tomcat

maven

Затронутые версииВерсия исправления

>= 6.0.0, <= 6.0.52

6.0.53

EPSS

Процентиль: 86%

0.02996

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-200

Связанные уязвимости

CVE-2017-5647

CVSS3: 7.5

ubuntu

около 8 лет назад

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

CVE-2017-5647

CVSS3: 7.5

redhat

около 8 лет назад

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

CVE-2017-5647

CVSS3: 7.5

nvd

около 8 лет назад

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

CVE-2017-5647

CVSS3: 7.5

debian

около 8 лет назад

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0 ...

openSUSE-SU-2017:1292-1

suse-cvrf

около 8 лет назад

Security update for tomcat

EPSS

Процентиль: 86%

0.02996

Низкий

7.5 High

CVSS3

CVE ID

Дефекты

CWE-200