CVE-2017-5651
Expected Behavior Violation in Apache Tomcat
9.8
CRITICAL
CVSS 3.1
EPSS 6.1%
Description
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.
How to fix CVE-2017-5651
To remediate CVE-2017-5651, upgrade the affected package to a fixed version below.
- —upgrade to 9.0.0.M19 or later
- —upgrade to 9.0.0.M19 or later
Is CVE-2017-5651 being exploited?
Moderate — EPSS is 6.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- >= 9.0.0.M1, < 9.0.0.M19
- >= 9.0.0.M1, < 9.0.0.M19
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |