7.5

CVE-2017-5647

EPSS 3.99%
Veröffentlicht 17.04.2017 16:59:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 37

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version6.0.0

Apache ≫ Tomcat Version6.0.1

Apache ≫ Tomcat Version6.0.2

Apache ≫ Tomcat Version6.0.3

Apache ≫ Tomcat Version6.0.4

Apache ≫ Tomcat Version6.0.5

Apache ≫ Tomcat Version6.0.6

Apache ≫ Tomcat Version6.0.7

Apache ≫ Tomcat Version6.0.8

Apache ≫ Tomcat Version6.0.9

Apache ≫ Tomcat Version6.0.10

Apache ≫ Tomcat Version6.0.11

Apache ≫ Tomcat Version6.0.12

Apache ≫ Tomcat Version6.0.13

Apache ≫ Tomcat Version6.0.14

Apache ≫ Tomcat Version6.0.15

Apache ≫ Tomcat Version6.0.16

Apache ≫ Tomcat Version6.0.17

Apache ≫ Tomcat Version6.0.18

Apache ≫ Tomcat Version6.0.19

Apache ≫ Tomcat Version6.0.20

Apache ≫ Tomcat Version6.0.21

Apache ≫ Tomcat Version6.0.22

Apache ≫ Tomcat Version6.0.23

Apache ≫ Tomcat Version6.0.24

Apache ≫ Tomcat Version6.0.25

Apache ≫ Tomcat Version6.0.26

Apache ≫ Tomcat Version6.0.27

Apache ≫ Tomcat Version6.0.28

Apache ≫ Tomcat Version6.0.29

Apache ≫ Tomcat Version6.0.30

Apache ≫ Tomcat Version6.0.31

Apache ≫ Tomcat Version6.0.32

Apache ≫ Tomcat Version6.0.33

Apache ≫ Tomcat Version6.0.34

Apache ≫ Tomcat Version6.0.35

Apache ≫ Tomcat Version6.0.36

Apache ≫ Tomcat Version6.0.37

Apache ≫ Tomcat Version6.0.38

Apache ≫ Tomcat Version6.0.39

Apache ≫ Tomcat Version6.0.40

Apache ≫ Tomcat Version6.0.41

Apache ≫ Tomcat Version6.0.42

Apache ≫ Tomcat Version6.0.43

Apache ≫ Tomcat Version6.0.44

Apache ≫ Tomcat Version6.0.45

Apache ≫ Tomcat Version6.0.46

Apache ≫ Tomcat Version6.0.47

Apache ≫ Tomcat Version6.0.48

Apache ≫ Tomcat Version6.0.49

Apache ≫ Tomcat Version6.0.50

Apache ≫ Tomcat Version6.0.51

Apache ≫ Tomcat Version6.0.52

Apache ≫ Tomcat Version7.0.0

Apache ≫ Tomcat Version7.0.1

Apache ≫ Tomcat Version7.0.2

Apache ≫ Tomcat Version7.0.3

Apache ≫ Tomcat Version7.0.4

Apache ≫ Tomcat Version7.0.5

Apache ≫ Tomcat Version7.0.6

Apache ≫ Tomcat Version7.0.7

Apache ≫ Tomcat Version7.0.8

Apache ≫ Tomcat Version7.0.9

Apache ≫ Tomcat Version7.0.10

Apache ≫ Tomcat Version7.0.11

Apache ≫ Tomcat Version7.0.12

Apache ≫ Tomcat Version7.0.13

Apache ≫ Tomcat Version7.0.14

Apache ≫ Tomcat Version7.0.15

Apache ≫ Tomcat Version7.0.16

Apache ≫ Tomcat Version7.0.17

Apache ≫ Tomcat Version7.0.18

Apache ≫ Tomcat Version7.0.19

Apache ≫ Tomcat Version7.0.20

Apache ≫ Tomcat Version7.0.21

Apache ≫ Tomcat Version7.0.22

Apache ≫ Tomcat Version7.0.23

Apache ≫ Tomcat Version7.0.24

Apache ≫ Tomcat Version7.0.25

Apache ≫ Tomcat Version7.0.26

Apache ≫ Tomcat Version7.0.27

Apache ≫ Tomcat Version7.0.28

Apache ≫ Tomcat Version7.0.29

Apache ≫ Tomcat Version7.0.30

Apache ≫ Tomcat Version7.0.31

Apache ≫ Tomcat Version7.0.32

Apache ≫ Tomcat Version7.0.33

Apache ≫ Tomcat Version7.0.34

Apache ≫ Tomcat Version7.0.35

Apache ≫ Tomcat Version7.0.36

Apache ≫ Tomcat Version7.0.37

Apache ≫ Tomcat Version7.0.38

Apache ≫ Tomcat Version7.0.39

Apache ≫ Tomcat Version7.0.40

Apache ≫ Tomcat Version7.0.41

Apache ≫ Tomcat Version7.0.42

Apache ≫ Tomcat Version7.0.43

Apache ≫ Tomcat Version7.0.44

Apache ≫ Tomcat Version7.0.45

Apache ≫ Tomcat Version7.0.46

Apache ≫ Tomcat Version7.0.47

Apache ≫ Tomcat Version7.0.48

Apache ≫ Tomcat Version7.0.49

Apache ≫ Tomcat Version7.0.50

Apache ≫ Tomcat Version7.0.51

Apache ≫ Tomcat Version7.0.52

Apache ≫ Tomcat Version7.0.53

Apache ≫ Tomcat Version7.0.54

Apache ≫ Tomcat Version7.0.55

Apache ≫ Tomcat Version7.0.56

Apache ≫ Tomcat Version7.0.57

Apache ≫ Tomcat Version7.0.58

Apache ≫ Tomcat Version7.0.59

Apache ≫ Tomcat Version7.0.60

Apache ≫ Tomcat Version7.0.61

Apache ≫ Tomcat Version7.0.62

Apache ≫ Tomcat Version7.0.63

Apache ≫ Tomcat Version7.0.64

Apache ≫ Tomcat Version7.0.65

Apache ≫ Tomcat Version7.0.66

Apache ≫ Tomcat Version7.0.67

Apache ≫ Tomcat Version7.0.68

Apache ≫ Tomcat Version7.0.69

Apache ≫ Tomcat Version7.0.70

Apache ≫ Tomcat Version7.0.71

Apache ≫ Tomcat Version7.0.72

Apache ≫ Tomcat Version7.0.73

Apache ≫ Tomcat Version7.0.74

Apache ≫ Tomcat Version7.0.75

Apache ≫ Tomcat Version7.0.76

Apache ≫ Tomcat Version8.0.0

Apache ≫ Tomcat Version8.0.0 Updaterc1

Apache ≫ Tomcat Version8.0.1

Apache ≫ Tomcat Version8.0.2

Apache ≫ Tomcat Version8.0.3

Apache ≫ Tomcat Version8.0.4

Apache ≫ Tomcat Version8.0.5

Apache ≫ Tomcat Version8.0.6

Apache ≫ Tomcat Version8.0.7

Apache ≫ Tomcat Version8.0.8

Apache ≫ Tomcat Version8.0.9

Apache ≫ Tomcat Version8.0.10

Apache ≫ Tomcat Version8.0.11

Apache ≫ Tomcat Version8.0.12

Apache ≫ Tomcat Version8.0.13

Apache ≫ Tomcat Version8.0.14

Apache ≫ Tomcat Version8.0.15

Apache ≫ Tomcat Version8.0.16

Apache ≫ Tomcat Version8.0.17

Apache ≫ Tomcat Version8.0.18

Apache ≫ Tomcat Version8.0.19

Apache ≫ Tomcat Version8.0.20

Apache ≫ Tomcat Version8.0.21

Apache ≫ Tomcat Version8.0.22

Apache ≫ Tomcat Version8.0.23

Apache ≫ Tomcat Version8.0.24

Apache ≫ Tomcat Version8.0.25

Apache ≫ Tomcat Version8.0.26

Apache ≫ Tomcat Version8.0.27

Apache ≫ Tomcat Version8.0.28

Apache ≫ Tomcat Version8.0.29

Apache ≫ Tomcat Version8.0.30

Apache ≫ Tomcat Version8.0.31

Apache ≫ Tomcat Version8.0.32

Apache ≫ Tomcat Version8.0.33

Apache ≫ Tomcat Version8.0.34

Apache ≫ Tomcat Version8.0.35

Apache ≫ Tomcat Version8.0.36

Apache ≫ Tomcat Version8.0.37

Apache ≫ Tomcat Version8.0.38

Apache ≫ Tomcat Version8.0.39

Apache ≫ Tomcat Version8.0.40

Apache ≫ Tomcat Version8.0.41

Apache ≫ Tomcat Version8.0.42

Apache ≫ Tomcat Version8.5.0

Apache ≫ Tomcat Version8.5.1

Apache ≫ Tomcat Version8.5.2

Apache ≫ Tomcat Version8.5.3

Apache ≫ Tomcat Version8.5.4

Apache ≫ Tomcat Version8.5.5

Apache ≫ Tomcat Version8.5.6

Apache ≫ Tomcat Version8.5.7

Apache ≫ Tomcat Version8.5.8

Apache ≫ Tomcat Version8.5.9

Apache ≫ Tomcat Version8.5.10

Apache ≫ Tomcat Version8.5.11

Apache ≫ Tomcat Version8.5.12

Apache ≫ Tomcat Version9.0.0 Updatemilestone1

Apache ≫ Tomcat Version9.0.0 Updatemilestone10

Apache ≫ Tomcat Version9.0.0 Updatemilestone11

Apache ≫ Tomcat Version9.0.0 Updatemilestone12

Apache ≫ Tomcat Version9.0.0 Updatemilestone13

Apache ≫ Tomcat Version9.0.0 Updatemilestone14

Apache ≫ Tomcat Version9.0.0 Updatemilestone15

Apache ≫ Tomcat Version9.0.0 Updatemilestone16

Apache ≫ Tomcat Version9.0.0 Updatemilestone17

Apache ≫ Tomcat Version9.0.0 Updatemilestone18

Apache ≫ Tomcat Version9.0.0 Updatemilestone2

Apache ≫ Tomcat Version9.0.0 Updatemilestone3

Apache ≫ Tomcat Version9.0.0 Updatemilestone4

Apache ≫ Tomcat Version9.0.0 Updatemilestone5

Apache ≫ Tomcat Version9.0.0 Updatemilestone6

Apache ≫ Tomcat Version9.0.0 Updatemilestone7

Apache ≫ Tomcat Version9.0.0 Updatemilestone8

Apache ≫ Tomcat Version9.0.0 Updatemilestone9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.99%	0.88

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://security.gentoo.org/glsa/201705-09

https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E

https://access.redhat.com/errata/RHSA-2017:1801

https://access.redhat.com/errata/RHSA-2017:1802

https://access.redhat.com/errata/RHSA-2017:2493

https://access.redhat.com/errata/RHSA-2017:2494

https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E

http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt

http://www.debian.org/security/2017/dsa-3842

http://www.debian.org/security/2017/dsa-3843

http://www.securitytracker.com/id/1038218

https://access.redhat.com/errata/RHSA-2017:3080

https://access.redhat.com/errata/RHSA-2017:3081

https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us

https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a%40%3Cusers.tomcat.apache.org%3E

https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E

https://security.netapp.com/advisory/ntap-20180614-0001/

https://nvd.nist.gov/vuln/detail/CVE-2017-5647

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-5647

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-5647

EUVD