Описание
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure.
Меры по смягчению последствий
The AJP connector does not support the sendfile capability. A server configured to only use the AJP connector (disable HTTP Connector) is not affected by this vulnerability. Disable the sendfile capability by setting useSendfile="false" in the HTTP connector configuration. Note: Disabling sendfile, may impact performance on large files.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tomcat5 | Not affected | ||
| Red Hat Fuse 7 | CXF | Affected | ||
| Red Hat JBoss BRMS 5 | jbossweb | Will not fix | ||
| Red Hat JBoss Data Grid 6 | jbossweb | Not affected | ||
| Red Hat JBoss Data Virtualization 6 | jbossweb | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 5 | jbossweb | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | jbossweb | Not affected | ||
| Red Hat JBoss Fuse 6 | jbossweb | Under investigation | ||
| Red Hat JBoss Fuse 6 | karaf | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | jbossweb | Will not fix |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0 ...
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
EPSS
7.5 High
CVSS3