A vulnerability was discovered in Tomcat's handling of pipelined requests when "Sendfile" was used. If sendfile processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could lead to invalid responses or information disclosure.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | tomcat6 | 2017-04-20 06:17 | ALAS-2017-821 |
Amazon Linux 1 | tomcat7 | 2017-04-20 06:18 | ALAS-2017-822 |
Amazon Linux 1 | tomcat8 | 2017-04-20 06:18 | ALAS-2017-822 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |