Lucene search

K
nvd[email protected]NVD:CVE-2017-5651
HistoryApr 17, 2017 - 4:59 p.m.

CVE-2017-5651

2017-04-1716:59:00
web.nvd.nist.gov
8

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

67.9%

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

Affected configurations

Nvd
Node
apachetomcatMatch8.5.0
OR
apachetomcatMatch8.5.1
OR
apachetomcatMatch8.5.2
OR
apachetomcatMatch8.5.3
OR
apachetomcatMatch8.5.4
OR
apachetomcatMatch8.5.5
OR
apachetomcatMatch8.5.6
OR
apachetomcatMatch8.5.7
OR
apachetomcatMatch8.5.8
OR
apachetomcatMatch8.5.9
OR
apachetomcatMatch8.5.10
OR
apachetomcatMatch8.5.11
OR
apachetomcatMatch8.5.12
Node
apachetomcatMatch9.0.0milestone1
OR
apachetomcatMatch9.0.0milestone10
OR
apachetomcatMatch9.0.0milestone11
OR
apachetomcatMatch9.0.0milestone12
OR
apachetomcatMatch9.0.0milestone13
OR
apachetomcatMatch9.0.0milestone14
OR
apachetomcatMatch9.0.0milestone15
OR
apachetomcatMatch9.0.0milestone16
OR
apachetomcatMatch9.0.0milestone17
OR
apachetomcatMatch9.0.0milestone18
OR
apachetomcatMatch9.0.0milestone2
OR
apachetomcatMatch9.0.0milestone3
OR
apachetomcatMatch9.0.0milestone4
OR
apachetomcatMatch9.0.0milestone5
OR
apachetomcatMatch9.0.0milestone6
OR
apachetomcatMatch9.0.0milestone7
OR
apachetomcatMatch9.0.0milestone8
OR
apachetomcatMatch9.0.0milestone9
VendorProductVersionCPE
apachetomcat8.5.0cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
apachetomcat8.5.1cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
apachetomcat8.5.2cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
apachetomcat8.5.3cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
apachetomcat8.5.4cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
apachetomcat8.5.5cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*
apachetomcat8.5.6cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*
apachetomcat8.5.7cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*
apachetomcat8.5.8cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*
apachetomcat8.5.9cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*
Rows per page:
1-10 of 311

References

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.003

Percentile

67.9%