Skip to main content

CVE-2017-5651

Severity

9.8

Description

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Project

Apache Tomcat

Apache TomEE

Category
Information Disclosure
Tags
data
Date Disclosed

2017-04-17

Date Discovered

2017-01-29

Apache Tomcat 8.5.x

First release:
2016-06-13
0
Support Lifecycle:
Namespace:
javax

Apache TomEE 7.0.x

First release:
2016-05-17
0
Support Lifecycle:
Namespace:
javax
Feel Vulnerable? 

Contact us so we can help you.

* These fields are required.