
CVE-2017-5650: Improper Resource Shutdown or Release in Apache Tomcat

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.94945%
Published: 5/13/2022
Updated: 2/22/2024
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name               Ecosystem   Vulnerable Versions          First Patched Version
org.apache.tomcat:tomcat   maven       >= 9.0.0.M1, <= 9.0.0.M18    9.0.0.M19
org.apache.tomcat:tomcat   maven       >= 8.5.0, <= 8.5.12          8.5.13

Vulnerability Intelligence

Root Cause Analysis

The patch directly modifies the close() method in Http2UpgradeHandler to properly handle the streams associated with a connection when it is closed, indicating this method was vulnerable.


WAF Protection Rules

WAF Rule

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application
