{"id":"CVE-2017-5651","details":"In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.","aliases":["GHSA-9hg2-395j-83rm"],"modified":"2026-04-10T04:01:42.860561Z","published":"2017-04-17T16:59:00.477Z","references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8%40%3Cannounce.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"http://www.securitytracker.com/id/1038219"},{"type":"WEB","url":"https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201705-09"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/97544"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20180614-0001/"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"type":"FIX","url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=60918"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/tomcat","events":[{"introduced":"0"},{"last_affected":"e37b977db6f47e4380ad67114a49e8568951c953"},{"introduced":"0"},{"last_affected":"389365303d986b2a918bc95f39421b27a2c9ff30"},{"introduced":"0"},{"last_affected":"f5dffa6e1148080fe5dc3690df917e805c72a714"},{"introduced":"0"},{"last_affected":"bdd72e8bc872876689e41631e47942366ca03364"},{"introduced":"0"},{"last_affected":"3e5565173dfe107f90419ab63bd4e2e7edc9deb4"},{"introduced":"0"},{"last_affected":"c6a2c4ed296c7f8839b72e8e31cb53b84102d02c"},{"introduced":"0"},{"last_affected":"61ff12fb282b1d00593b8d16e94ab8ec02f8d5be"},{"introduced":"0"},{"last_affected":"b5205c92f41dfd9a67f78bc783db7b022e38226c"},{"introduced":"0"},{"last_affected":"4178d385e09435a88ac34cf7025526b7f0055c55"},{"introduced":"0"},{"last_affected":"80083369bb8178efc49374a65d7eb73465e77f8b"},{"introduced":"0"},{"last_affected":"e14e9824c3087f79621a9796ddf9b3432be02858"},{"introduced":"0"},{"last_affected":"20ec6f6f034bb5eebe4f1b52140b680aaff6f380"},{"introduced":"0"},{"last_affected":"e95b65a27af4cd6681b6dc1bf17ee5abb897610d"},{"introduced":"0"},{"last_affected":"29b07def810d335012e738b22ab44d4e232b50d1"},{"introduced":"0"},{"last_affected":"10e04de1946981261a734507f4a6d953e2a206fe"},{"introduced":"0"},{"last_affected":"65ddc3a3872ea41ca67fec7b6834c704b6893361"},{"introduced":"0"},{"last_affected":"b5a74e3c7913c560648f0ffedfbbb3ebe4318def"},{"introduced":"0"},{"last_affected":"de128d72af746184e035ff1b53629f08cb141a04"},{"introduced":"0"},{"last_affected":"aac670afe1226e10513021100fce8a12344743c6"},{"introduced":"0"},{"last_affected":"c2c8107f0cea4755497a85990807b883b66f6b57"},{"introduced":"0"},{"last_affected":"8c48678b110f3fbbe66f6dde0e45d2578fa92c29"},{"introduced":"0"},{"last_affected":"9c5edb840d9413c1408e7c191bc0e1bbfcd9e07f"},{"introduced":"0"},{"last_affected":"59e713216cf2256aacc54f6ba627865f356f9e4e"},{"introduced":"0"},{"last_affected":"18b014d8691909be6153ae7db022a6c35f9c93ea"},{"introduced":"0"},{"last_affected":"d1dc05e934e089ea8907998cf850760017a0ed82"},{"introduced":"0"},{"last_affected":"fd7f13635e6855f6ba3fead0bf37ba2fbf8b68cf"},{"introduced":"0"},{"last_affected":"c7b84102600d600bcc527560d9c4d10c3fd440ab"},{"introduced":"0"},{"last_affected":"d8ebf61e51b4455e3c226751e492a533f9002d48"},{"introduced":"0"},{"last_affected":"aba238718ac9b149d25feaa9a14ecad3b0e3a5e2"},{"introduced":"0"},{"last_affected":"fe854ab1f111396458d98fa2ab08c693ce9407e1"},{"introduced":"0"},{"last_affected":"45f8fd74cdb96490fab8709263a4d862f0d429cf"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.5.0"},{"introduced":"0"},{"last_affected":"8.5.1"},{"introduced":"0"},{"last_affected":"8.5.2"},{"introduced":"0"},{"last_affected":"8.5.3"},{"introduced":"0"},{"last_affected":"8.5.4"},{"introduced":"0"},{"last_affected":"8.5.5"},{"introduced":"0"},{"last_affected":"8.5.6"},{"introduced":"0"},{"last_affected":"8.5.7"},{"introduced":"0"},{"last_affected":"8.5.8"},{"introduced":"0"},{"last_affected":"8.5.9"},{"introduced":"0"},{"last_affected":"8.5.10"},{"introduced":"0"},{"last_affected":"8.5.11"},{"introduced":"0"},{"last_affected":"8.5.12"},{"introduced":"0"},{"last_affected":"9.0.0-milestone1"},{"introduced":"0"},{"last_affected":"9.0.0-milestone10"},{"introduced":"0"},{"last_affected":"9.0.0-milestone11"},{"introduced":"0"},{"last_affected":"9.0.0-milestone12"},{"introduced":"0"},{"last_affected":"9.0.0-milestone13"},{"introduced":"0"},{"last_affected":"9.0.0-milestone14"},{"introduced":"0"},{"last_affected":"9.0.0-milestone15"},{"introduced":"0"},{"last_affected":"9.0.0-milestone16"},{"introduced":"0"},{"last_affected":"9.0.0-milestone17"},{"introduced":"0"},{"last_affected":"9.0.0-milestone18"},{"introduced":"0"},{"last_affected":"9.0.0-milestone2"},{"introduced":"0"},{"last_affected":"9.0.0-milestone3"},{"introduced":"0"},{"last_affected":"9.0.0-milestone4"},{"introduced":"0"},{"last_affected":"9.0.0-milestone5"},{"introduced":"0"},{"last_affected":"9.0.0-milestone6"},{"introduced":"0"},{"last_affected":"9.0.0-milestone7"},{"introduced":"0"},{"last_affected":"9.0.0-milestone8"},{"introduced":"0"},{"last_affected":"9.0.0-milestone9"}]}}],"versions":["8.5.0","8.5.1","8.5.10","8.5.11","8.5.12","8.5.2","8.5.3","8.5.4","8.5.5","8.5.6","8.5.7","8.5.8","8.5.9","9.0.0-M1","9.0.0-M10","9.0.0-M11","9.0.0-M12","9.0.0-M13","9.0.0-M14","9.0.0-M15","9.0.0-M16","9.0.0-M17","9.0.0-M18","9.0.0-M2","9.0.0-M3","9.0.0-M4","9.0.0-M5","9.0.0-M6","9.0.0-M7","9.0.0-M8","9.0.0-M9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5651.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}