CVE-2016-6817

Опубликовано: 10 авг. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*

EPSS

Процентиль: 40%

0.0018

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119

CWE-835

Связанные уязвимости

CVE-2016-6817

CVSS3: 7.5

ubuntu

почти 8 лет назад

CVE-2016-6817

CVSS3: 7.5

redhat

больше 8 лет назад

CVE-2016-6817

CVSS3: 7.5

debian

почти 8 лет назад

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8. ...

GHSA-698c-2x4j-g9gq

CVSS3: 7.5

github

около 3 лет назад

Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

EPSS

Процентиль: 40%

0.0018

Низкий

7.5 High

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-119

CWE-835