CVE-2017-5651 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2017-5651 Interim 1 11 2025-11-05T04:06:19Z current 2021-05-30T13:52:56Z 2025-11-05T04:06:19Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2017-5651 In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12-LTSS tomcat tomcat-admin-webapps tomcat-docs-webapp tomcat-el-2_2-api tomcat-el-3_0-api tomcat-javadoc tomcat-jsp-2_2-api tomcat-jsp-2_3-api tomcat-lib tomcat-servlet-3_0-api tomcat-servlet-3_1-api tomcat-webapps tomcat as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-el-3_0-api as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-javadoc as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-jsp-2_3-api as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-lib as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-servlet-3_1-api as a component of SUSE Linux Enterprise Server 12 SP1 tomcat-webapps as a component of SUSE Linux Enterprise Server 12 SP1 tomcat as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-el-3_0-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-javadoc as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-jsp-2_3-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-lib as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-servlet-3_1-api as a component of SUSE Linux Enterprise Server 12 SP2 tomcat-webapps as a component of SUSE Linux Enterprise Server 12 SP2 tomcat as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-admin-webapps as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-docs-webapp as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-el-2_2-api as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-javadoc as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-jsp-2_2-api as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-lib as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-servlet-3_0-api as a component of SUSE Linux Enterprise Server 12-LTSS tomcat-webapps as a component of SUSE Linux Enterprise Server 12-LTSS In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up. CVE-2017-5651 SUSE Linux Enterprise Server 12 SP1:tomcat SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api SUSE Linux Enterprise Server 12 SP1:tomcat-lib SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api SUSE Linux Enterprise Server 12 SP1:tomcat-webapps SUSE Linux Enterprise Server 12 SP2:tomcat SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api SUSE Linux Enterprise Server 12 SP2:tomcat-lib SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api SUSE Linux Enterprise Server 12 SP2:tomcat-webapps SUSE Linux Enterprise Server 12-LTSS:tomcat SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api SUSE Linux Enterprise Server 12-LTSS:tomcat-lib SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps moderate 3.6 AV:N/AC:H/Au:S/C:P/I:P/A:N 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H