VYPR
Critical severity9.8NVD Advisory· Published Apr 17, 2017· Updated Jun 17, 2026

CVE-2017-5651

CVE-2017-5651

Description

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcat-coyoteMaven
>= 9.0.0.M1, < 9.0.0.M199.0.0.M19
org.apache.tomcat:tomcat-coyoteMaven
>= 8.5.0, < 8.5.138.5.13
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 9.0.0.M1, < 9.0.0.M199.0.0.M19
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 8.5.0, < 8.5.138.5.13

Affected products

34
  • Apache/Tomcat31 versions
    cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*+ 30 more
    • cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
  • ghsa-coords2 versions
    >= 9.0.0.M1, < 9.0.0.M19+ 1 more
    • (no CPE)range: >= 9.0.0.M1, < 9.0.0.M19
    • (no CPE)range: >= 9.0.0.M1, < 9.0.0.M19
  • Apache Software Foundation/Apache Tomcatv5
    Range: 9.0.0.M1 to 9.0.0.M18

Patches

Vulnerability mechanics

References

31

News mentions

0

No linked articles in our index yet.