UBUNTU-CVE-2017-5647

Source
https://ubuntu.com/security/CVE-2017-5647
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-5647.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-5647
Related
Published
2017-04-17T00:00:00Z
Modified
2024-10-15T14:06:14Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

References

Affected packages

Ubuntu:14.04:LTS / tomcat7

Package

Name
tomcat7
Purl
pkg:deb/ubuntu/tomcat7?arch=src?distro=trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.0.52-1ubuntu0.13

Affected versions

7.*

7.0.42-1
7.0.47-1
7.0.50-1
7.0.52-1
7.0.52-1ubuntu0.1
7.0.52-1ubuntu0.3
7.0.52-1ubuntu0.6
7.0.52-1ubuntu0.7
7.0.52-1ubuntu0.8
7.0.52-1ubuntu0.9
7.0.52-1ubuntu0.10
7.0.52-1ubuntu0.11

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "libservlet3.0-java"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "libservlet3.0-java-doc"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "libtomcat7-java"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7-admin"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7-common"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7-docs"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7-examples"
        },
        {
            "binary_version": "7.0.52-1ubuntu0.13",
            "binary_name": "tomcat7-user"
        }
    ]
}

Ubuntu:Pro:14.04:LTS / tomcat6

Package

Name
tomcat6
Purl
pkg:deb/ubuntu/tomcat6?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.0.37-1
6.0.39-1
6.0.39-1ubuntu0.1
6.0.39-1ubuntu0.1+esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:16.04:LTS / tomcat6

Package

Name
tomcat6
Purl
pkg:deb/ubuntu/tomcat6?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.0.45+dfsg-1

Affected versions

6.*

6.0.41-4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "6.0.45+dfsg-1",
            "binary_name": "libservlet2.5-java"
        },
        {
            "binary_version": "6.0.45+dfsg-1",
            "binary_name": "libservlet2.5-java-doc"
        }
    ]
}

Ubuntu:16.04:LTS / tomcat8

Package

Name
tomcat8
Purl
pkg:deb/ubuntu/tomcat8?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.32-1ubuntu1.5

Affected versions

8.*

8.0.26-1
8.0.28-1
8.0.30-1
8.0.32-1
8.0.32-1ubuntu1
8.0.32-1ubuntu1.1
8.0.32-1ubuntu1.2
8.0.32-1ubuntu1.3
8.0.32-1ubuntu1.4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "libservlet3.1-java"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "libservlet3.1-java-doc"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "libtomcat8-java"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8-admin"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8-common"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8-docs"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8-examples"
        },
        {
            "binary_version": "8.0.32-1ubuntu1.5",
            "binary_name": "tomcat8-user"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / tomcat7

Package

Name
tomcat7
Purl
pkg:deb/ubuntu/tomcat7?arch=src?distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.0.64-1
7.0.68-1
7.0.68-1ubuntu0.1
7.0.68-1ubuntu0.3
7.0.68-1ubuntu0.4
7.0.68-1ubuntu0.4+esm1
7.0.68-1ubuntu0.4+esm2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / tomcat8

Package

Name
tomcat8
Purl
pkg:deb/ubuntu/tomcat8?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.5.21-1ubuntu1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "libservlet3.1-java"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "libservlet3.1-java-doc"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "libtomcat8-embed-java"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "libtomcat8-java"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8-admin"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8-common"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8-docs"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8-examples"
        },
        {
            "binary_version": "8.5.21-1ubuntu1",
            "binary_name": "tomcat8-user"
        }
    ]
}