CVE-2017-5647
Public on 2017-04-17
Modified on 2024-02-17
Description
A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | tomcat | Not Affected | ||
| Amazon Linux 2 - Tomcat8.5 Extra | tomcat | Not Affected | ||
| Amazon Linux 2 - Tomcat9 Extra | tomcat | Not Affected | ||
| Amazon Linux 1 | tomcat6 | 2017-04-20 | ALAS-2017-821 | Fixed |
| Amazon Linux 1 | tomcat7 | 2017-04-20 | ALAS-2017-822 | Fixed |
| Amazon Linux 1 | tomcat8 | 2017-04-20 | ALAS-2017-822 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |