5
CVSSv2

CVE-2017-5647

Published: 17/04/2017 Updated: 15/04/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

Affected Products

Vendor Product Versions
ApacheTomcat6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.21, 6.0.22, 6.0.23, 6.0.24, 6.0.25, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 6.0.30, 6.0.31, 6.0.32, 6.0.33, 6.0.34, 6.0.35, 6.0.36, 6.0.37, 6.0.38, 6.0.39, 6.0.40, 6.0.41, 6.0.42, 6.0.43, 6.0.44, 6.0.45, 6.0.46, 6.0.47, 6.0.48, 6.0.49, 6.0.50, 6.0.51, 6.0.52, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.36, 7.0.37, 7.0.38, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.43, 7.0.44, 7.0.45, 7.0.46, 7.0.47, 7.0.48, 7.0.49, 7.0.50, 7.0.51, 7.0.52, 7.0.53, 7.0.54, 7.0.55, 7.0.56, 7.0.57, 7.0.58, 7.0.59, 7.0.60, 7.0.61, 7.0.62, 7.0.63, 7.0.64, 7.0.65, 7.0.66, 7.0.67, 7.0.68, 7.0.69, 7.0.70, 7.0.71, 7.0.72, 7.0.73, 7.0.74, 7.0.75, 7.0.76, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16, 8.0.17, 8.0.18, 8.0.19, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.25, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.31, 8.0.32, 8.0.33, 8.0.34, 8.0.35, 8.0.36, 8.0.37, 8.0.38, 8.0.39, 8.0.40, 8.0.41, 8.0.42, 8.5.0, 8.5.1, 8.5.2, 8.5.3, 8.5.4, 8.5.5, 8.5.6, 8.5.7, 8.5.8, 8.5.9, 8.5.10, 8.5.11, 8.5.12, 9.0.0

Vendor Advisories

Synopsis Important: tomcat6 security update Type/Severity Security Advisory: Important Topic An update for tomcat6 is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: tomcat security update Type/Severity Security Advisory: Important Topic An update for tomcat is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, w ...
Synopsis Important: Red Hat JBoss Web Server Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis Important: Red Hat JBoss Web Server 310 Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this update as having a sec ...
Incorrect handling of pipelined requests when send file was used:A bug in the handling of the pipelined requests in Apache Tomcat 900M1 to 900M18, 850 to 8512, 800RC1 to 8042, 700 to 7076, and 600 to 6052, when send file was used, results in the pipelined request being lost when send file processing of the previous request co ...
Two vulnerabilities were discovered in tomcat8, a servlet and JSP engine CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request CVE-2017-5648 Some application listeners calls were issued against the wrong objects, allowing untrusted applications running ...
Two vulnerabilities were discovered in tomcat7, a servlet and JSP engine CVE-2017-5647 Pipelined requests were processed incorrectly, which could result in some responses appearing to be sent for the wrong request CVE-2017-5648 Some application listeners calls were issued against the wrong objects, allowing untrusted applications running ...
Several security issues were fixed in Tomcat ...
A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice This could lead to invalid responses or information disclosure ...
Debian Bug report logs - #860070 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651 Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Apr 2017 04:48:04 UTC Owne ...
Incorrect handling of pipelined requests when send file was usedA bug in the handling of the pipelined requests in Apache Tomcat 900M1 to 900M18, 850 to 8512, 800RC1 to 8042, 700 to 7076, and 600 to 6052, when send file was used, results in the pipelined request being lost when send file processing of the previous request com ...
Debian Bug report logs - #860068 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651 Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Apr 2017 04:45:02 UTC Owne ...
Debian Bug report logs - #860071 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651 Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Apr 2017 04:51:02 UTC Owne ...
Debian Bug report logs - #860069 tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651 Package: src:tomcat8; Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 11 Apr 2017 04:48:01 UTC Owne ...
Symantec Network Protection products using affected versions of Apache Tomcat are susceptible to multiple security vulnerabilities  A remote attacker, with access to the management interface, can obtain sensitive information from the server, modify information associated with a different web application, execute arbitrary code, modify server beha ...
Oracle Solaris Third Party Bulletin - April 2017 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Upda ...
Oracle Critical Patch Update Advisory - July 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...
Oracle Linux Bulletin - October 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical ...

Mailing Lists

Note: the current version of the following document is available here: softwaresupportsoftwaregrpcom/document/-/facetsearch/document/KM03286177 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03286177 Version: 1 MFSBGN03830 rev1 - Service Manager, unauthorized disclosure of information NOTICE: The information in this Securit ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: softwaresupporthpecom/document/-/facetsearch/document/KM03236632 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: KM03236632 Version: 1 MFSBGN03813 rev1 - Network Operations Management (NOM) Suite CDF, Remote C ...

Github Repositories

Recent Articles

Aruba bugs squashed in seven-vuln splatfest
The Register • Richard Chirgwin • 29 May 2017

ClearPass Policy Manager needs upgrade

In case you missed it: there's a bunch of bad bugs in HPE's Aruba ClearPass Policy Manager.
The Bugtraq post landed here Friday afternoon US time, a followup to HPE's announcement of a collection of seven CVEs (Common Vulnerabilities and Exposures).
HPE hasn't detailed the nature of the vulnerabilities, but they include an unauthenticated remote code execution (RCE) bug (CVE-2017-5824), a privilege escalation bug (CVE-2017-5825), an RCE available to authenticated users (CVE-2017-5826...

References

CWE-200http://www.arubanetworks.com/assets/alert/HPESBHF03730.txthttp://www.debian.org/security/2017/dsa-3842http://www.debian.org/security/2017/dsa-3843http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlhttp://www.securitytracker.com/id/1038218https://access.redhat.com/errata/RHSA-2017:1801https://access.redhat.com/errata/RHSA-2017:1802https://access.redhat.com/errata/RHSA-2017:2493https://access.redhat.com/errata/RHSA-2017:2494https://access.redhat.com/errata/RHSA-2017:3080https://access.redhat.com/errata/RHSA-2017:3081https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_ushttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a@%3Cusers.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3Ehttps://security.gentoo.org/glsa/201705-09https://security.netapp.com/advisory/ntap-20180614-0001/https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.rapid7.com/db/vulnerabilities/debian-cve-2017-5647https://access.redhat.com/errata/RHSA-2017:3080https://nvd.nist.govhttps://usn.ubuntu.com/3519-1/https://alas.aws.amazon.com/ALAS-2017-821.html