NVD脆弱性詳細

CVE-2017-5647

概要	A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
公表日	2017年4月18日1:59
登録日	2021年1月26日13:26
最終更新日	2024年11月21日12:28

CVSS3.0 : HIGH
スコア	7.5
ベクター	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	不要
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	なし
可用性への影響(A)	なし

CVSS2.0 : MEDIUM
スコア	5.0
ベクター	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
全ての特権を取得	いいえ
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.39:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:6.0.34:::::::*
cpe:2.3:a:apache:tomcat:6.0.47:::::::*
cpe:2.3:a:apache:tomcat:6.0.22:::::::*
cpe:2.3:a:apache:tomcat:6.0.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.52:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.42:::::::*
cpe:2.3:a:apache:tomcat:6.0.44:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.21:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.50:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.38:::::::*
cpe:2.3:a:apache:tomcat:6.0.23:::::::*
cpe:2.3:a:apache:tomcat:6.0.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.48:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.45:::::::*
cpe:2.3:a:apache:tomcat:6.0.41:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.46:::::::*
cpe:2.3:a:apache:tomcat:6.0.43:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.49:::::::*
cpe:2.3:a:apache:tomcat:6.0.51:::::::*
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.40:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:7.0.49:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.62:::::::*
cpe:2.3:a:apache:tomcat:7.0.53:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:7.0.58:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.55:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.51:::::::*
cpe:2.3:a:apache:tomcat:7.0.63:::::::*
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.72:::::::*
cpe:2.3:a:apache:tomcat:7.0.76:::::::*
cpe:2.3:a:apache:tomcat:7.0.71:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.59:::::::*
cpe:2.3:a:apache:tomcat:7.0.65:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.48:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.67:::::::*
cpe:2.3:a:apache:tomcat:7.0.74:::::::*
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.66:::::::*
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.69:::::::*
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.60:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:7.0.68:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.75:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.54:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.61:::::::*
cpe:2.3:a:apache:tomcat:7.0.57:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.56:::::::*
cpe:2.3:a:apache:tomcat:7.0.64:::::::*
cpe:2.3:a:apache:tomcat:7.0.70:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*
cpe:2.3:a:apache:tomcat:7.0.73:::::::*

構成3	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:8.0.4:::::::*
cpe:2.3:a:apache:tomcat:8.0.10:::::::*
cpe:2.3:a:apache:tomcat:8.0.30:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:::::::*
cpe:2.3:a:apache:tomcat:8.0.17:::::::*
cpe:2.3:a:apache:tomcat:8.0.7:::::::*
cpe:2.3:a:apache:tomcat:8.0.26:::::::*
cpe:2.3:a:apache:tomcat:8.0.40:::::::*
cpe:2.3:a:apache:tomcat:8.0.2:::::::*
cpe:2.3:a:apache:tomcat:8.0.20:::::::*
cpe:2.3:a:apache:tomcat:8.0.31:::::::*
cpe:2.3:a:apache:tomcat:8.0.5:::::::*
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.19:::::::*
cpe:2.3:a:apache:tomcat:8.0.39:::::::*
cpe:2.3:a:apache:tomcat:8.0.12:::::::*
cpe:2.3:a:apache:tomcat:8.0.27:::::::*
cpe:2.3:a:apache:tomcat:8.0.15:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:8.0.22:::::::*
cpe:2.3:a:apache:tomcat:8.0.29:::::::*
cpe:2.3:a:apache:tomcat:8.0.42:::::::*
cpe:2.3:a:apache:tomcat:8.0.11:::::::*
cpe:2.3:a:apache:tomcat:8.0.24:::::::*
cpe:2.3:a:apache:tomcat:8.0.36:::::::*
cpe:2.3:a:apache:tomcat:8.0.23:::::::*
cpe:2.3:a:apache:tomcat:8.0.33:::::::*
cpe:2.3:a:apache:tomcat:8.0.6:::::::*
cpe:2.3:a:apache:tomcat:8.0.21:::::::*
cpe:2.3:a:apache:tomcat:8.0.32:::::::*
cpe:2.3:a:apache:tomcat:8.0.41:::::::*
cpe:2.3:a:apache:tomcat:8.0.25:::::::*
cpe:2.3:a:apache:tomcat:8.0.18:::::::*
cpe:2.3:a:apache:tomcat:8.0.35:::::::*
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.38:::::::*
cpe:2.3:a:apache:tomcat:8.0.13:::::::*
cpe:2.3:a:apache:tomcat:8.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.9:::::::*
cpe:2.3:a:apache:tomcat:8.0.16:::::::*
cpe:2.3:a:apache:tomcat:8.0.8:::::::*
cpe:2.3:a:apache:tomcat:8.0.34:::::::*
cpe:2.3:a:apache:tomcat:8.0.28:::::::*
cpe:2.3:a:apache:tomcat:8.0.37:::::::*

構成4	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:8.5.2:::::::*
cpe:2.3:a:apache:tomcat:8.5.9:::::::*
cpe:2.3:a:apache:tomcat:8.5.4:::::::*
cpe:2.3:a:apache:tomcat:8.5.0:::::::*
cpe:2.3:a:apache:tomcat:8.5.10:::::::*
cpe:2.3:a:apache:tomcat:8.5.5:::::::*
cpe:2.3:a:apache:tomcat:8.5.3:::::::*
cpe:2.3:a:apache:tomcat:8.5.6:::::::*
cpe:2.3:a:apache:tomcat:8.5.7:::::::*
cpe:2.3:a:apache:tomcat:8.5.8:::::::*
cpe:2.3:a:apache:tomcat:8.5.12:::::::*
cpe:2.3:a:apache:tomcat:8.5.11:::::::*
cpe:2.3:a:apache:tomcat:8.5.1:::::::*

構成5	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone14::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone15::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone16::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone17::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone18::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::

関連情報、対策とツール

No	URL	refsource	タグ
1	http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt
2	http://www.arubanetworks.com/assets/alert/HPESBHF03730.txt
3	http://www.debian.org/security/2017/dsa-3842
4	http://www.debian.org/security/2017/dsa-3842
5	http://www.debian.org/security/2017/dsa-3843
6	http://www.debian.org/security/2017/dsa-3843
7	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
8	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
9	http://www.securitytracker.com/id/1038218
10	http://www.securitytracker.com/id/1038218
11	https://access.redhat.com/errata/RHSA-2017:1801
12	https://access.redhat.com/errata/RHSA-2017:1801
13	https://access.redhat.com/errata/RHSA-2017:1802
14	https://access.redhat.com/errata/RHSA-2017:1802
15	https://access.redhat.com/errata/RHSA-2017:2493
16	https://access.redhat.com/errata/RHSA-2017:2493
17	https://access.redhat.com/errata/RHSA-2017:2494
18	https://access.redhat.com/errata/RHSA-2017:2494
19	https://access.redhat.com/errata/RHSA-2017:3080
20	https://access.redhat.com/errata/RHSA-2017:3080
21	https://access.redhat.com/errata/RHSA-2017:3081
22	https://access.redhat.com/errata/RHSA-2017:3081
23	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us
24	https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03730en_us
25	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
26	https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
27	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
28	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
29	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
30	https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
31	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
32	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
33	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
34	https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
35	https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a%40%3Cusers.tomcat.apache.org%3E
36	https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a%40%3Cusers.tomcat.apache.org%3E
37	https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
38	https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb%40%3Cdev.tomcat.apache.org%3E
39	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
40	https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
41	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
42	https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
43	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
44	https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
45	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
46	https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
47	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
48	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
49	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
50	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
51	https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
52	https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
53	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
54	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
55	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
56	https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
57	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
58	https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
59	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
60	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
61	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
62	https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
63	https://security.gentoo.org/glsa/201705-09
64	https://security.gentoo.org/glsa/201705-09
65	https://security.netapp.com/advisory/ntap-20180614-0001/
66	https://security.netapp.com/advisory/ntap-20180614-0001/
67	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
68	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-200	情報漏えい	https://cwe.mitre.org/data/definitions/200.html

JVN脆弱性情報

Apache Tomcat における情報漏えいに関する脆弱性

タイトル	Apache Tomcat における情報漏えいに関する脆弱性
概要	Apache Tomcat には、情報漏えいに関する脆弱性が存在します。
想定される影響	情報を取得される可能性があります。
対策	参考情報を参照して適切な対策を実施してください。
公表日	2017年4月11日0:00
登録日	2017年5月15日18:17
最終更新日	2017年10月3日13:42

影響を受けるシステム

Apache Software Foundation

Apache Tomcat 6.0.0 から 6.0.52

Apache Tomcat 7.0.0 から 7.0.76

Apache Tomcat 8.0.0.RC1 から 8.0.42

Apache Tomcat 8.5.0 から 8.5.12

Apache Tomcat 9.0.0.M1 から 9.0.0.M18

日本電気

MailShooter

SimpWright

SpoolServer/Winspoolシリーズ

WebOTX Application Server Enterprise

WebOTX Application Server Express

WebOTX Application Server Standard

WebOTX Developer

WebOTX Portal

WebSAM Application Navigator 4.2.0.1 以降

WebSAM MCOperations 4.2.1.0 以降

WebSAM SystemManager 6.2.1.0 以降

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-5647	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5647
National Vulnerability Database (NVD)
2	CVE-2017-5647	https://nvd.nist.gov/vuln/detail/CVE-2017-5647

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-200	https://jvndb.jvn.jp/ja/cwe/CWE-200.html

ベンダー情報

No	名前	URL
NEC製品セキュリティ情報
1	NV17-012	http://jpn.nec.com/security-info/secinfo/nv17-012.html
Pony Mail
2	[SECURITY] CVE-2017-5647 Apache Tomcat Information Disclosure	https://lists.apache.org/thread.html/5796678c5a773c6f3ff57c178ac247d85ceca0dee9190ba48171451a@%3Cusers.tomcat.apache.org%3E

その他

No	名前	URL
JVN
1	JVNVU#90211511	http://jvn.jp/vu/JVNVU90211511/index.html

変更履歴

No	変更内容	変更日
0	[2017年05月15日] 掲載 [2017年07月25日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：日本電気 (NV17-012) を追加 [2017年10月03日] 影響を受けるシステム：ベンダ情報 (NV17-012) の更新に伴い内容を更新	2018年2月17日10:37

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.39:::::::*
cpe:2.3:a:apache:tomcat:6.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:6.0.34:::::::*
cpe:2.3:a:apache:tomcat:6.0.47:::::::*
cpe:2.3:a:apache:tomcat:6.0.22:::::::*
cpe:2.3:a:apache:tomcat:6.0.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:::::::*
cpe:2.3:a:apache:tomcat:6.0.4:::::::*
cpe:2.3:a:apache:tomcat:6.0.52:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:6.0.42:::::::*
cpe:2.3:a:apache:tomcat:6.0.44:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.21:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.50:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.38:::::::*
cpe:2.3:a:apache:tomcat:6.0.23:::::::*
cpe:2.3:a:apache:tomcat:6.0.37:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:6.0.48:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.45:::::::*
cpe:2.3:a:apache:tomcat:6.0.41:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.46:::::::*
cpe:2.3:a:apache:tomcat:6.0.43:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:6.0.49:::::::*
cpe:2.3:a:apache:tomcat:6.0.51:::::::*
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.40:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*

構成2	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:7.0.49:::::::*
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.62:::::::*
cpe:2.3:a:apache:tomcat:7.0.53:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:7.0.58:::::::*
cpe:2.3:a:apache:tomcat:7.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.55:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.51:::::::*
cpe:2.3:a:apache:tomcat:7.0.63:::::::*
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.72:::::::*
cpe:2.3:a:apache:tomcat:7.0.76:::::::*
cpe:2.3:a:apache:tomcat:7.0.71:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.59:::::::*
cpe:2.3:a:apache:tomcat:7.0.65:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.48:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.67:::::::*
cpe:2.3:a:apache:tomcat:7.0.74:::::::*
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.66:::::::*
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.69:::::::*
cpe:2.3:a:apache:tomcat:7.0.7:::::::*
cpe:2.3:a:apache:tomcat:7.0.52:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.60:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:7.0.68:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.75:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.54:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.61:::::::*
cpe:2.3:a:apache:tomcat:7.0.57:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.56:::::::*
cpe:2.3:a:apache:tomcat:7.0.64:::::::*
cpe:2.3:a:apache:tomcat:7.0.70:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*
cpe:2.3:a:apache:tomcat:7.0.73:::::::*

構成3	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:8.0.4:::::::*
cpe:2.3:a:apache:tomcat:8.0.10:::::::*
cpe:2.3:a:apache:tomcat:8.0.30:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:::::::*
cpe:2.3:a:apache:tomcat:8.0.17:::::::*
cpe:2.3:a:apache:tomcat:8.0.7:::::::*
cpe:2.3:a:apache:tomcat:8.0.26:::::::*
cpe:2.3:a:apache:tomcat:8.0.40:::::::*
cpe:2.3:a:apache:tomcat:8.0.2:::::::*
cpe:2.3:a:apache:tomcat:8.0.20:::::::*
cpe:2.3:a:apache:tomcat:8.0.31:::::::*
cpe:2.3:a:apache:tomcat:8.0.5:::::::*
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:8.0.19:::::::*
cpe:2.3:a:apache:tomcat:8.0.39:::::::*
cpe:2.3:a:apache:tomcat:8.0.12:::::::*
cpe:2.3:a:apache:tomcat:8.0.27:::::::*
cpe:2.3:a:apache:tomcat:8.0.15:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:8.0.22:::::::*
cpe:2.3:a:apache:tomcat:8.0.29:::::::*
cpe:2.3:a:apache:tomcat:8.0.42:::::::*
cpe:2.3:a:apache:tomcat:8.0.11:::::::*
cpe:2.3:a:apache:tomcat:8.0.24:::::::*
cpe:2.3:a:apache:tomcat:8.0.36:::::::*
cpe:2.3:a:apache:tomcat:8.0.23:::::::*
cpe:2.3:a:apache:tomcat:8.0.33:::::::*
cpe:2.3:a:apache:tomcat:8.0.6:::::::*
cpe:2.3:a:apache:tomcat:8.0.21:::::::*
cpe:2.3:a:apache:tomcat:8.0.32:::::::*
cpe:2.3:a:apache:tomcat:8.0.41:::::::*
cpe:2.3:a:apache:tomcat:8.0.25:::::::*
cpe:2.3:a:apache:tomcat:8.0.18:::::::*
cpe:2.3:a:apache:tomcat:8.0.35:::::::*
cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:8.0.38:::::::*
cpe:2.3:a:apache:tomcat:8.0.13:::::::*
cpe:2.3:a:apache:tomcat:8.0.14:::::::*
cpe:2.3:a:apache:tomcat:8.0.9:::::::*
cpe:2.3:a:apache:tomcat:8.0.16:::::::*
cpe:2.3:a:apache:tomcat:8.0.8:::::::*
cpe:2.3:a:apache:tomcat:8.0.34:::::::*
cpe:2.3:a:apache:tomcat:8.0.28:::::::*
cpe:2.3:a:apache:tomcat:8.0.37:::::::*

構成4	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:8.5.2:::::::*
cpe:2.3:a:apache:tomcat:8.5.9:::::::*
cpe:2.3:a:apache:tomcat:8.5.4:::::::*
cpe:2.3:a:apache:tomcat:8.5.0:::::::*
cpe:2.3:a:apache:tomcat:8.5.10:::::::*
cpe:2.3:a:apache:tomcat:8.5.5:::::::*
cpe:2.3:a:apache:tomcat:8.5.3:::::::*
cpe:2.3:a:apache:tomcat:8.5.6:::::::*
cpe:2.3:a:apache:tomcat:8.5.7:::::::*
cpe:2.3:a:apache:tomcat:8.5.8:::::::*
cpe:2.3:a:apache:tomcat:8.5.12:::::::*
cpe:2.3:a:apache:tomcat:8.5.11:::::::*
cpe:2.3:a:apache:tomcat:8.5.1:::::::*

構成5	以上	以下	より上	未満
cpe:2.3:a:apache:tomcat:9.0.0:milestone1::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone10::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone11::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone12::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone13::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone14::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone15::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone16::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone17::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone18::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone2::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone3::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone4::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone5::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone6::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone7::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone8::::::
cpe:2.3:a:apache:tomcat:9.0.0:milestone9::::::