Home

CVE-2017-5647

Description

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
3.726

Associated Vulnerability

VulnerabilityOS Platform
Update Tomcat to 9.5.14Windows
Update Tomcat to 9.5.5Windows
Update Tomcat to 9.5.7Windows
Update Tomcat to 9.5.8Windows
Update Tomcat to 9.6.10Windows
Update Tomcat to 9.6.3Windows
Update Tomcat to 9.6.4Windows
Update Tomcat to 9.6.7Windows
Update Tomcat to 9.6.8Windows
Update Tomcat to 2.4.5Windows
Update Tomcat to 3.0.14Windows
Vulnerabilities CVE-2017-5647,CVE-2017-5650 are fixed in Apache - tomcat 9.0.0Windows
Vulnerabilities CVE-2017-5647,CVE-2017-5650 are fixed in Apache - tomcat 8.5.13Windows
Vulnerabilities CVE-2017-5647 are fixed in Apache - tomcat 7.0.77Windows
Vulnerabilities CVE-2017-5647 are fixed in Apache - tomcat 6.0.53Windows
Vulnerabilities CVE-2017-5647 are fixed in Apache - tomcat 8.0.43Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 5.2.6.5Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.0.6Windows
Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.2Windows
Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.1.3.6Windows
Vulnerabilities CVE-2017-1493,CVE-2017-5647,CVE-2017-5650 are affected in IBM UrbanCode Deploy 6.2.4.0Windows
Servlet and JSP engine (USN-3519-1) tomcat7_7.0.52-1ubuntu0.13_all.debLinux
Servlet and JSP engine (USN-3519-1) tomcat8_8.0.32-1ubuntu1.5_all.debLinux
Servlet and JSP engine (USN-3519-1) tomcat8_8.0.38-2ubuntu2.2_all.debLinux
Servlet and JSP engine (USN-3519-1) libtomcat7-java_7.0.52-1ubuntu0.13_all.debLinux
Servlet and JSP engine (USN-3519-1) libtomcat8-java_8.0.32-1ubuntu1.5_all.debLinux
Servlet and JSP engine (USN-3519-1) libtomcat8-java_8.0.38-2ubuntu2.2_all.debLinux
tomcat7 security update(DSA-3842-1) tomcat7_7.0.56-3+deb8u10_all.debLinux
tomcat8 security update(DSA-3843-1) tomcat8_8.0.14-1+deb8u9_all.debLinux
Tomcat6 security update (CESA-2016:2045) tomcat6-6.0.24-111.el6_9.noarch.rpmLinux
Tomcat6 security update (CESA-2016:2045) tomcat6-lib-6.0.24-111.el6_9.noarch.rpmLinux
Tomcat6 security update (CESA-2016:2045) tomcat6-javadoc-6.0.24-111.el6_9.noarch.rpmLinux
Tomcat6 security update (CESA-2016:2045) tomcat6-webapps-6.0.24-111.el6_9.noarch.rpmLinux
Tomcat6 security update (CESA-2016:2045) tomcat6-el-2.1-api-6.0.24-111.el6_9.noarch.rpmLinux
Tomcat6 security update (CESA-2016:2045) tomcat6-docs-webapp-6.0.24-111.el6_9.noarch.rpmLinux
Tomcat6 security update (CESA-2016:2045) tomcat6-jsp-2.1-api-6.0.24-111.el6_9.noarch.rpmLinux
Tomcat6 security update (CESA-2016:2045) tomcat6-admin-webapps-6.0.24-111.el6_9.noarch.rpmLinux
Tomcat6 security update (CESA-2016:2045) tomcat6-servlet-2.5-api-6.0.24-111.el6_9.noarch.rpmLinux
(RHSA-2017:3080) Important: tomcat6 security update tomcat6-6.0.24-111.el6_9.noarch.rpmLinux
(RHSA-2017:3080) Important: tomcat6 security update tomcat6-admin-webapps-6.0.24-111.el6_9.noarch.rpmLinux
(RHSA-2017:3080) Important: tomcat6 security update tomcat6-docs-webapp-6.0.24-111.el6_9.noarch.rpmLinux
(RHSA-2017:3080) Important: tomcat6 security update tomcat6-javadoc-6.0.24-111.el6_9.noarch.rpmLinux
(RHSA-2017:3080) Important: tomcat6 security update tomcat6-lib-6.0.24-111.el6_9.noarch.rpmLinux
(RHSA-2017:3080) Important: tomcat6 security update tomcat6-webapps-6.0.24-111.el6_9.noarch.rpmLinux
(RHSA-2017:3081) Important: tomcat security update tomcat-7.0.76-3.el7_4.noarch.rpmLinux
(RHSA-2017:3081) Important: tomcat security update tomcat-admin-webapps-7.0.76-3.el7_4.noarch.rpmLinux
(RHSA-2017:3081) Important: tomcat security update tomcat-docs-webapp-7.0.76-3.el7_4.noarch.rpmLinux
(RHSA-2017:3081) Important: tomcat security update tomcat-javadoc-7.0.76-3.el7_4.noarch.rpmLinux
(RHSA-2017:3081) Important: tomcat security update tomcat-jsvc-7.0.76-3.el7_4.noarch.rpmLinux
(RHSA-2017:3081) Important: tomcat security update tomcat-lib-7.0.76-3.el7_4.noarch.rpmLinux
(RHSA-2017:3081) Important: tomcat security update tomcat-webapps-7.0.76-3.el7_4.noarch.rpmLinux
SUSE-SU-2017:1382-1(SUSE Linux Enterprise Server 12-SP1 ) tomcat-8.0.43-10.19.1.noarch.rpmLinux
SUSE-SU-2017:1382-1(SUSE Linux Enterprise Server 12-SP1 ) tomcat-admin-webapps-8.0.43-10.19.1.noarch.rpmLinux
SUSE-SU-2017:1382-1(SUSE Linux Enterprise Server 12-SP1 ) tomcat-docs-webapp-8.0.43-10.19.1.noarch.rpmLinux
SUSE-SU-2017:1382-1(SUSE Linux Enterprise Server 12-SP1 ) tomcat-el-3_0-api-8.0.43-10.19.1.noarch.rpmLinux
SUSE-SU-2017:1382-1(SUSE Linux Enterprise Server 12-SP1 ) tomcat-javadoc-8.0.43-10.19.1.noarch.rpmLinux
SUSE-SU-2017:1382-1(SUSE Linux Enterprise Server 12-SP1 ) tomcat-jsp-2_3-api-8.0.43-10.19.1.noarch.rpmLinux
SUSE-SU-2017:1382-1(SUSE Linux Enterprise Server 12-SP1 ) tomcat-lib-8.0.43-10.19.1.noarch.rpmLinux
SUSE-SU-2017:1382-1(SUSE Linux Enterprise Server 12-SP1 ) tomcat-servlet-3_1-api-8.0.43-10.19.1.noarch.rpmLinux
SUSE-SU-2017:1382-1(SUSE Linux Enterprise Server 12-SP1 ) tomcat-webapps-8.0.43-10.19.1.noarch.rpmLinux
(RHSA-2017:3080) tomcat6 security update tomcat6-el-2.1-api-6.0.24-111.el6_9.noarch.rpmLinux
(RHSA-2017:3080) tomcat6 security update tomcat6-jsp-2.1-api-6.0.24-111.el6_9.noarch.rpmLinux
(RHSA-2017:3080) tomcat6 security update tomcat6-servlet-2.5-api-6.0.24-111.el6_9.noarch.rpmLinux
Update Tomcat to 9.5.14 (For Linux)Linux
Update Tomcat to 9.5.5 (For Linux)Linux
Update Tomcat to 9.5.7 (For Linux)Linux
Update Tomcat to 9.5.8 (For Linux)Linux
Update Tomcat to 9.6.10 (For Linux)Linux
Update Tomcat to 9.6.3 (For Linux)Linux
Update Tomcat to 9.6.4 (For Linux)Linux
Update Tomcat to 9.6.7 (For Linux)Linux
Update Tomcat to 9.6.8 (For Linux)Linux
Update Tomcat to 2.4.5 (For Linux)Linux
Update Tomcat to 3.0.14 (For Linux)Linux
(CESA-2017:3081) Important: tomcat security update tomcat-7.0.76-3.el7_4.noarch.rpmLinux
(CESA-2017:3081) Important: tomcat security update tomcat-admin-webapps-7.0.76-3.el7_4.noarch.rpmLinux
(CESA-2017:3081) Important: tomcat security update tomcat-docs-webapp-7.0.76-3.el7_4.noarch.rpmLinux
(CESA-2017:3081) Important: tomcat security update tomcat-javadoc-7.0.76-3.el7_4.noarch.rpmLinux
(CESA-2017:3081) Important: tomcat security update tomcat-jsvc-7.0.76-3.el7_4.noarch.rpmLinux
(CESA-2017:3081) Important: tomcat security update tomcat-lib-7.0.76-3.el7_4.noarch.rpmLinux
(CESA-2017:3081) Important: tomcat security update tomcat-webapps-7.0.76-3.el7_4.noarch.rpmLinux
Vulnerabilities CVE-2017-5647,CVE-2017-5650 are fixed in Apache - tomcat for Linux 9.0.0Linux
Vulnerabilities CVE-2017-5647,CVE-2017-5650 are fixed in Apache - tomcat for Linux 8.5.13Linux
Vulnerabilities CVE-2017-5647 are fixed in Apache - tomcat for Linux 7.0.77Linux
Vulnerabilities CVE-2017-5647 are fixed in Apache - tomcat for Linux 6.0.53Linux
Vulnerabilities CVE-2017-5647 are fixed in Apache - tomcat for Linux 8.0.43Linux
Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5647)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234