Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-5651

Опубликовано: 17 апр. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

РелизСтатусПримечание
devel

not-affected

esm-infra-legacy/trusty

DNE

esm-infra/xenial

not-affected

precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

released

8.5.11-2
vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

not-affected

Показывать по

РелизСтатусПримечание
devel

DNE

esm-infra-legacy/trusty

DNE

precise

DNE

trusty

DNE

trusty/esm

DNE

upstream

needs-triage

vivid/stable-phone-overlay

DNE

vivid/ubuntu-core

DNE

xenial

DNE

yakkety

DNE

Показывать по

EPSS

Процентиль: 90%
0.05572
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

CVSS3: 7.5
redhat
больше 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

CVSS3: 9.8
nvd
больше 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

CVSS3: 9.8
debian
больше 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refact ...

CVSS3: 9.8
github
около 3 лет назад

Expected Behavior Violation in Apache Tomcat

fstec
больше 8 лет назад

Уязвимость сервера приложений Apache Tomcat, позволяющая нарушителю получить конфиденциальную информацию

EPSS

Процентиль: 90%
0.05572
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3