CVE-2017-5651

{"id": "CVE-2017-5651", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-04-17T16:59:00.477", "references": [{"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "source": "security@apache.org"}, {"url": "http://www.securityfocus.com/bid/97544", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "http://www.securitytracker.com/id/1038219", "source": "security@apache.org"}, {"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=60918", "tags": ["Issue Tracking", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E", "source": "security@apache.org"}, {"url": "https://security.gentoo.org/glsa/201705-09", "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20180614-0001/", "source": "security@apache.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up."}, {"lang": "es", "value": "En Apache Tomcat 9.0.0.M1 a 9.0.0.M18 y 8.5.0 a 8.5.12, la refactorizaci\u00f3n de los conectores HTTP introdujo una regresi\u00f3n en el procesamiento de archivos de env\u00edo. Si el procesamiento de archivos enviados se complet\u00f3 r\u00e1pidamente, es posible que el Procesador se agregue a la cach\u00e9 del procesador dos veces. Esto podr\u00eda resultar en el mismo procesador que se utiliza para m\u00faltiples solicitudes que a su vez podr\u00eda dar lugar a errores inesperados y / o mezcla de respuesta."}], "lastModified": "2023-12-08T16:41:18.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69A7FC28-A0EC-4516-9776-700343D2F4DB"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18814653-6D44-47D9-A2F5-89C5AFB255F8"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4D811A9-4988-4C11-AA27-F5BE2B93D8D4"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAEF824D-7E95-4BC1-8DBB-787DCE595E21"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97F4A2B3-DB1D-4D0B-B5FF-7EE2A0D291BB"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B461D5A-1208-498F-B551-46C6D514AC2B"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "598E5D91-0165-4D55-9EDD-EBB5AAAD1172"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B6B61B7-09A3-41C8-8333-0417C14CC87E"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95A139BA-CD3C-42F5-88BA-BE7BE58246D7"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "876EADA5-60AD-4849-BE10-61C75AA75053"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1814F8DE-2060-411F-9FCC-6EC42AF5663D"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AF6DBF7-BB0A-4AE6-84DA-51428ACF47CD"}, {"criteria": "cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A34F72ED-04FE-4EDE-BB18-BE8B1E99EEF1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}