CVE-2017-5651
Description
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
6.345
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Tomcat to 9.5.14 | Windows |
| Update Tomcat to 9.5.5 | Windows |
| Update Tomcat to 9.5.7 | Windows |
| Update Tomcat to 9.5.8 | Windows |
| Update Tomcat to 9.6.10 | Windows |
| Update Tomcat to 9.6.3 | Windows |
| Update Tomcat to 9.6.4 | Windows |
| Update Tomcat to 9.6.7 | Windows |
| Update Tomcat to 9.6.8 | Windows |
| Update Tomcat to 2.4.5 | Windows |
| Update Tomcat to 3.0.14 | Windows |
| Vulnerabilities CVE-2017-5651 are fixed in Apache-tomcat-coyate 9.0.0 | Windows |
| Vulnerabilities CVE-2017-5651 are fixed in Apache-tomcat-coyate 8.5.13 | Windows |
| Vulnerabilities CVE-2017-5651 are fixed in Apache - tomcat-embed-core 9.0.0 | Windows |
| Vulnerabilities CVE-2017-5651,CVE-2017-5648 are fixed in Apache - tomcat-embed-core 8.5.13 | Windows |
| Update Tomcat to 9.5.14 (For Linux) | Linux |
| Update Tomcat to 9.5.5 (For Linux) | Linux |
| Update Tomcat to 9.5.7 (For Linux) | Linux |
| Update Tomcat to 9.5.8 (For Linux) | Linux |
| Update Tomcat to 9.6.10 (For Linux) | Linux |
| Update Tomcat to 9.6.3 (For Linux) | Linux |
| Update Tomcat to 9.6.4 (For Linux) | Linux |
| Update Tomcat to 9.6.7 (For Linux) | Linux |
| Update Tomcat to 9.6.8 (For Linux) | Linux |
| Update Tomcat to 2.4.5 (For Linux) | Linux |
| Update Tomcat to 3.0.14 (For Linux) | Linux |
| Vulnerabilities CVE-2017-5651 are fixed in Apache-tomcat-coyate for Linux 9.0.0 | Linux |
| Vulnerabilities CVE-2017-5651 are fixed in Apache-tomcat-coyate for Linux 8.5.13 | Linux |
| Vulnerabilities CVE-2017-5651 are fixed in Apache - tomcat-embed-core for Linux 9.0.0 | Linux |
| Vulnerabilities CVE-2017-5651,CVE-2017-5648 are fixed in Apache - tomcat-embed-core for Linux 8.5.13 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234