Important: tomcat7, tomcat8

🗓️ 20 Apr 2017 00:00:00Reported by AmazonType

Incorrect handling of pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, resulting in lost requests and calls to application listeners in Apache Tomcat 9.0.0.M1 to 9.0.0.M17, 8.5.0 to 8.5.11, 8.0.0.RC1 to 8.0.41, and 7.0.0 to 7.0.75 not using the appropriate facade object

Reporter	Title	Published	Views	Family All 239
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities in Apache Tomcat affect IBM Rational License Key Server Administration and Reporting Tool	17 Jun 201805:23	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM Algo One - Counterparty Credit Risk (CVE-2017-5648)	15 Jun 201823:46	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat affects the IBM FlashSystem models 840 and 900	18 Feb 202301:45	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Build Forge Security Advisory (CVE-2016-8610, CVE-2017-6056, CVE-2017-5647, CVE-2017-5648)	17 Jun 201805:21	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology	28 Apr 202118:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been identified in Jazz Reporting Service shipped with Rational Reporting for Development Intelligence	17 Jun 201805:22	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects SAN Volume Controller, Storwize family and FlashSystem V9000 products (CVE-2017-5647)	29 Mar 202301:48	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat Vulnerabilities Affect IBM Sterling B2B Integrator	29 Apr 202502:11	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat might affect IBM Storage Defender Copy Data Management.	16 May 202519:24	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	1	any	tomcat7	7.0.77-1.26.amzn1	tomcat7-7.0.77-1.26.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat7-admin-webapps	7.0.77-1.26.amzn1	tomcat7-admin-webapps-7.0.77-1.26.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat7-docs-webapp	7.0.77-1.26.amzn1	tomcat7-docs-webapp-7.0.77-1.26.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat7-el-2.2-api	7.0.77-1.26.amzn1	tomcat7-el-2.2-api-7.0.77-1.26.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat7-javadoc	7.0.77-1.26.amzn1	tomcat7-javadoc-7.0.77-1.26.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat7-jsp-2.2-api	7.0.77-1.26.amzn1	tomcat7-jsp-2.2-api-7.0.77-1.26.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat7-lib	7.0.77-1.26.amzn1	tomcat7-lib-7.0.77-1.26.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat7-log4j	7.0.77-1.26.amzn1	tomcat7-log4j-7.0.77-1.26.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat7-servlet-3.0-api	7.0.77-1.26.amzn1	tomcat7-servlet-3.0-api-7.0.77-1.26.amzn1.noarch.rpm
Amazon Linux	1	any	tomcat7-webapps	7.0.77-1.26.amzn1	tomcat7-webapps-7.0.77-1.26.amzn1.noarch.rpm

20 Apr 2017 00:00Current

8.7High risk

Vulners AI Score8.7

CVSS 26.4

CVSS 39.1

EPSS0.21758