CVE-2017-5647

Public on 2017-04-17
Modified on 2024-02-17
Description
A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure.
Severity
Important severity
Important
CVSS v3 Base Score
7.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
HAQM Linux 2 - Core tomcat Not Affected
HAQM Linux 2 - Tomcat8.5 Extra tomcat Not Affected
HAQM Linux 2 - Tomcat9 Extra tomcat Not Affected
HAQM Linux 1 tomcat6 2017-04-20 ALAS-2017-821 Fixed
HAQM Linux 1 tomcat7 2017-04-20 ALAS-2017-822 Fixed
HAQM Linux 1 tomcat8 2017-04-20 ALAS-2017-822 Fixed

CVSS Scores

Score Type Score Vector
HAQM Linux CVSSv3 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
NVD CVSSv2 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N
NVD CVSSv3 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N