CVE-2017-5651

critical

Apache

CVSS v3 Base Score

9.8

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

6.1%

Exploitation probability in 30 days

Top 9% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: April 17, 2017 (3314 days ago)

Last Modified: May 13, 2026

Vendor: Apache

Source: NVD

Description

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

CWE

NVD-CWE-noinfo

Affected Products

apache tomcat

References

🔗 www.oracle.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com 🔗 bz.apache.org 🔗 lists.apache.org

CVE-2017-5651

Vulnerability Report

Description

CWE

Affected Products

References