Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-5651

Опубликовано: 10 апр. 2017
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5tomcat5Not affected
Red Hat Enterprise Linux 6tomcat6Not affected
Red Hat Enterprise Linux 7tomcatNot affected
Red Hat JBoss BRMS 5jbosswebNot affected
Red Hat JBoss Data Grid 6jbosswebNot affected
Red Hat JBoss Data Virtualization 6jbosswebNot affected
Red Hat JBoss Enterprise Application Platform 5jbosswebNot affected
Red Hat JBoss Enterprise Application Platform 6tomcat7Not affected
Red Hat JBoss Enterprise Web Server 2tomcat6Not affected
Red Hat JBoss Enterprise Web Server 2tomcat7Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=1441226tomcat: Incorrect handling of send file processing could result into adding Processort to the cache twice

EPSS

Процентиль: 90%
0.05572
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-5651

CVSS3: 9.8
ubuntu
больше 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

nvd логотип

CVE-2017-5651

CVSS3: 9.8
nvd
больше 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

debian логотип

CVE-2017-5651

CVSS3: 9.8
debian
больше 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refact ...

github логотип

GHSA-9hg2-395j-83rm

CVSS3: 9.8
github
около 3 лет назад

Expected Behavior Violation in Apache Tomcat

fstec логотип

BDU:2017-01567

fstec
больше 8 лет назад

Уязвимость сервера приложений Apache Tomcat, позволяющая нарушителю получить конфиденциальную информацию

EPSS

Процентиль: 90%
0.05572
Низкий

7.5 High

CVSS3