{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2017-5651","title":"Title"},{"category":"description","text":"In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2017-5651","url":"https://www.suse.com/security/cve/CVE-2017-5651"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1033444 for CVE-2017-5651","url":"https://bugzilla.suse.com/1033444"}],"title":"SUSE CVE CVE-2017-5651","tracking":{"current_release_date":"2025-04-25T08:18:35Z","generator":{"date":"2023-02-15T04:49:47Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2017-5651","initial_release_date":"2023-02-15T04:49:47Z","revision_history":[{"date":"2023-02-15T04:49:47Z","number":"2","summary":"Current version"},{"date":"2025-01-01T09:09:35Z","number":"3","summary":"Current version"},{"date":"2025-02-18T07:53:39Z","number":"4","summary":"Current version"},{"date":"2025-03-14T05:06:24Z","number":"5","summary":"Current version"},{"date":"2025-03-16T03:18:09Z","number":"6","summary":"Current version"},{"date":"2025-04-25T08:18:35Z","number":"7","summary":"Current version"}],"status":"interim","version":"7"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP1","product":{"name":"SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12 SP2","product":{"name":"SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2","product_identification_helper":{"cpe":"cpe:/o:suse:sles:12:sp2"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 12-LTSS","product":{"name":"SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS","product_identification_helper":{"cpe":"cpe:/o:suse:sles-ltss:12"}}},{"category":"product_version","name":"tomcat","product":{"name":"tomcat","product_id":"tomcat","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat@?upstream=tomcat.src.rpm"}}},{"category":"product_version","name":"tomcat-admin-webapps","product":{"name":"tomcat-admin-webapps","product_id":"tomcat-admin-webapps","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat-admin-webapps@?upstream=tomcat.src.rpm"}}},{"category":"product_version","name":"tomcat-docs-webapp","product":{"name":"tomcat-docs-webapp","product_id":"tomcat-docs-webapp","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat-docs-webapp@?upstream=tomcat.src.rpm"}}},{"category":"product_version","name":"tomcat-el-2_2-api","product":{"name":"tomcat-el-2_2-api","product_id":"tomcat-el-2_2-api","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat-el-2_2-api@?upstream=tomcat.src.rpm"}}},{"category":"product_version","name":"tomcat-el-3_0-api","product":{"name":"tomcat-el-3_0-api","product_id":"tomcat-el-3_0-api","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat-el-3_0-api@?upstream=tomcat.src.rpm"}}},{"category":"product_version","name":"tomcat-javadoc","product":{"name":"tomcat-javadoc","product_id":"tomcat-javadoc","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat-javadoc@?upstream=tomcat.src.rpm"}}},{"category":"product_version","name":"tomcat-jsp-2_2-api","product":{"name":"tomcat-jsp-2_2-api","product_id":"tomcat-jsp-2_2-api","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat-jsp-2_2-api@?upstream=tomcat.src.rpm"}}},{"category":"product_version","name":"tomcat-jsp-2_3-api","product":{"name":"tomcat-jsp-2_3-api","product_id":"tomcat-jsp-2_3-api","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat-jsp-2_3-api@?upstream=tomcat.src.rpm"}}},{"category":"product_version","name":"tomcat-lib","product":{"name":"tomcat-lib","product_id":"tomcat-lib","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat-lib@?upstream=tomcat.src.rpm"}}},{"category":"product_version","name":"tomcat-servlet-3_0-api","product":{"name":"tomcat-servlet-3_0-api","product_id":"tomcat-servlet-3_0-api","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat-servlet-3_0-api@?upstream=tomcat.src.rpm"}}},{"category":"product_version","name":"tomcat-servlet-3_1-api","product":{"name":"tomcat-servlet-3_1-api","product_id":"tomcat-servlet-3_1-api","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat-servlet-3_1-api@?upstream=tomcat.src.rpm"}}},{"category":"product_version","name":"tomcat-webapps","product":{"name":"tomcat-webapps","product_id":"tomcat-webapps","product_identification_helper":{"cpe":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/tomcat-webapps@?upstream=tomcat.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"tomcat as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:tomcat"},"product_reference":"tomcat","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"tomcat-admin-webapps as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps"},"product_reference":"tomcat-admin-webapps","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"tomcat-docs-webapp as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp"},"product_reference":"tomcat-docs-webapp","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"tomcat-el-3_0-api as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api"},"product_reference":"tomcat-el-3_0-api","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"tomcat-javadoc as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc"},"product_reference":"tomcat-javadoc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"tomcat-jsp-2_3-api as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api"},"product_reference":"tomcat-jsp-2_3-api","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"tomcat-lib as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:tomcat-lib"},"product_reference":"tomcat-lib","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"tomcat-servlet-3_1-api as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api"},"product_reference":"tomcat-servlet-3_1-api","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"tomcat-webapps as component of SUSE Linux Enterprise Server 12 SP1","product_id":"SUSE Linux Enterprise Server 12 SP1:tomcat-webapps"},"product_reference":"tomcat-webapps","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP1"},{"category":"default_component_of","full_product_name":{"name":"tomcat as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:tomcat"},"product_reference":"tomcat","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"tomcat-admin-webapps as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps"},"product_reference":"tomcat-admin-webapps","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"tomcat-docs-webapp as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp"},"product_reference":"tomcat-docs-webapp","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"tomcat-el-3_0-api as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api"},"product_reference":"tomcat-el-3_0-api","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"tomcat-javadoc as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc"},"product_reference":"tomcat-javadoc","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"tomcat-jsp-2_3-api as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api"},"product_reference":"tomcat-jsp-2_3-api","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"tomcat-lib as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:tomcat-lib"},"product_reference":"tomcat-lib","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"tomcat-servlet-3_1-api as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api"},"product_reference":"tomcat-servlet-3_1-api","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"tomcat-webapps as component of SUSE Linux Enterprise Server 12 SP2","product_id":"SUSE Linux Enterprise Server 12 SP2:tomcat-webapps"},"product_reference":"tomcat-webapps","relates_to_product_reference":"SUSE Linux Enterprise Server 12 SP2"},{"category":"default_component_of","full_product_name":{"name":"tomcat as component of SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS:tomcat"},"product_reference":"tomcat","relates_to_product_reference":"SUSE Linux Enterprise Server 12-LTSS"},{"category":"default_component_of","full_product_name":{"name":"tomcat-admin-webapps as component of SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps"},"product_reference":"tomcat-admin-webapps","relates_to_product_reference":"SUSE Linux Enterprise Server 12-LTSS"},{"category":"default_component_of","full_product_name":{"name":"tomcat-docs-webapp as component of SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp"},"product_reference":"tomcat-docs-webapp","relates_to_product_reference":"SUSE Linux Enterprise Server 12-LTSS"},{"category":"default_component_of","full_product_name":{"name":"tomcat-el-2_2-api as component of SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api"},"product_reference":"tomcat-el-2_2-api","relates_to_product_reference":"SUSE Linux Enterprise Server 12-LTSS"},{"category":"default_component_of","full_product_name":{"name":"tomcat-javadoc as component of SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc"},"product_reference":"tomcat-javadoc","relates_to_product_reference":"SUSE Linux Enterprise Server 12-LTSS"},{"category":"default_component_of","full_product_name":{"name":"tomcat-jsp-2_2-api as component of SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api"},"product_reference":"tomcat-jsp-2_2-api","relates_to_product_reference":"SUSE Linux Enterprise Server 12-LTSS"},{"category":"default_component_of","full_product_name":{"name":"tomcat-lib as component of SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS:tomcat-lib"},"product_reference":"tomcat-lib","relates_to_product_reference":"SUSE Linux Enterprise Server 12-LTSS"},{"category":"default_component_of","full_product_name":{"name":"tomcat-servlet-3_0-api as component of SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api"},"product_reference":"tomcat-servlet-3_0-api","relates_to_product_reference":"SUSE Linux Enterprise Server 12-LTSS"},{"category":"default_component_of","full_product_name":{"name":"tomcat-webapps as component of SUSE Linux Enterprise Server 12-LTSS","product_id":"SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps"},"product_reference":"tomcat-webapps","relates_to_product_reference":"SUSE Linux Enterprise Server 12-LTSS"}]},"vulnerabilities":[{"cve":"CVE-2017-5651","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2017-5651"}],"notes":[{"category":"general","text":"In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in the same Processor being used for multiple requests which in turn could lead to unexpected errors and/or response mix-up.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Linux Enterprise Server 12 SP1:tomcat","SUSE Linux Enterprise Server 12 SP1:tomcat-admin-webapps","SUSE Linux Enterprise Server 12 SP1:tomcat-docs-webapp","SUSE Linux Enterprise Server 12 SP1:tomcat-el-3_0-api","SUSE Linux Enterprise Server 12 SP1:tomcat-javadoc","SUSE Linux Enterprise Server 12 SP1:tomcat-jsp-2_3-api","SUSE Linux Enterprise Server 12 SP1:tomcat-lib","SUSE Linux Enterprise Server 12 SP1:tomcat-servlet-3_1-api","SUSE Linux Enterprise Server 12 SP1:tomcat-webapps","SUSE Linux Enterprise Server 12 SP2:tomcat","SUSE Linux Enterprise Server 12 SP2:tomcat-admin-webapps","SUSE Linux Enterprise Server 12 SP2:tomcat-docs-webapp","SUSE Linux Enterprise Server 12 SP2:tomcat-el-3_0-api","SUSE Linux Enterprise Server 12 SP2:tomcat-javadoc","SUSE Linux Enterprise Server 12 SP2:tomcat-jsp-2_3-api","SUSE Linux Enterprise Server 12 SP2:tomcat-lib","SUSE Linux Enterprise Server 12 SP2:tomcat-servlet-3_1-api","SUSE Linux Enterprise Server 12 SP2:tomcat-webapps","SUSE Linux Enterprise Server 12-LTSS:tomcat","SUSE Linux Enterprise Server 12-LTSS:tomcat-admin-webapps","SUSE Linux Enterprise Server 12-LTSS:tomcat-docs-webapp","SUSE Linux Enterprise Server 12-LTSS:tomcat-el-2_2-api","SUSE Linux Enterprise Server 12-LTSS:tomcat-javadoc","SUSE Linux Enterprise Server 12-LTSS:tomcat-jsp-2_2-api","SUSE Linux Enterprise Server 12-LTSS:tomcat-lib","SUSE Linux Enterprise Server 12-LTSS:tomcat-servlet-3_0-api","SUSE Linux Enterprise Server 12-LTSS:tomcat-webapps"]},"references":[{"category":"external","summary":"CVE-2017-5651","url":"https://www.suse.com/security/cve/CVE-2017-5651"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1033444 for CVE-2017-5651","url":"https://bugzilla.suse.com/1033444"}],"threats":[{"category":"impact","date":"2017-04-10T21:15:51Z","details":"moderate"}],"title":"CVE-2017-5651"}]}