CVE-2017-5647
Public on 2017-04-17
Modified on 2024-02-17
Description
A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 2 - Core | tomcat | Not Affected | ||
| HAQM Linux 2 - Tomcat8.5 Extra | tomcat | Not Affected | ||
| HAQM Linux 2 - Tomcat9 Extra | tomcat | Not Affected | ||
| HAQM Linux 1 | tomcat6 | 2017-04-20 | ALAS-2017-821 | Fixed |
| HAQM Linux 1 | tomcat7 | 2017-04-20 | ALAS-2017-822 | Fixed |
| HAQM Linux 1 | tomcat8 | 2017-04-20 | ALAS-2017-822 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |