CVE-2017-5647

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 9.0.0.M1 through 9.0.0.M18 Apache Tomcat versions 8.5.0 through 8.5.12 Apache Tomcat versions 8.0.0.RC1 through 8.0.42 Apache Tomcat versions 7.0.0 through 7.0.76 Apache Tomcat versions 6.0.0 through 6.0.52

Description A bug in the handling of pipelined requests in Apache Tomcat, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B, and C could see the correct response for request A, the response for request C for request B, and no response for request C.

Recommendations For Apache Tomcat versions 9.0.0.M1 through 9.0.0.M18, update to a version outside of this range to resolve the issue. For Apache Tomcat versions 8.5.0 through 8.5.12, update to a version outside of this range to resolve the issue. For Apache Tomcat versions 8.0.0.RC1 through 8.0.42, update to a version outside of this range to resolve the issue. For Apache Tomcat versions 7.0.0 through 7.0.76, update to a version outside of this range to resolve the issue. For Apache Tomcat versions 6.0.0 through 6.0.52, update to a version outside of this range to resolve the issue.