#VU6674 Information disclosure in Apache Tomcat - CVE-2017-5647
Published: May 24, 2017 / Updated: July 25, 2018
Vulnerability identifier: #VU6674
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-5647
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apache Tomcat
Apache Tomcat
Software vendor:
Apache Foundation
Apache Foundation
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in the handling of the pipelined requests when send file was used resulted in the pipelined request being lost when send file processing of the previous request completed. A remote attacker can cause responses to appear to be sent for the wrong request.
The weakness exists in the handling of the pipelined requests when send file was used resulted in the pipelined request being lost when send file processing of the previous request completed. A remote attacker can cause responses to appear to be sent for the wrong request.
Remediation
The vulnerability is addressed in the versions 6.0.53, 7.0.77, 9.0.0 M19.