Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-5650

Опубликовано: 10 апр. 2017
Источник: redhat
CVSS3: 7.5
EPSS Средний

Описание

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5tomcat5Not affected
Red Hat Enterprise Linux 6tomcat6Not affected
Red Hat Enterprise Linux 7tomcatNot affected
Red Hat JBoss BRMS 5jbosswebNot affected
Red Hat JBoss Data Grid 6jbosswebNot affected
Red Hat JBoss Data Virtualization 6jbosswebNot affected
Red Hat JBoss Enterprise Application Platform 5jbosswebNot affected
Red Hat JBoss Enterprise Application Platform 6tomcat7Not affected
Red Hat JBoss Enterprise Web Server 2tomcat6Not affected
Red Hat JBoss Enterprise Web Server 2tomcat7Not affected

Показывать по

Дополнительная информация

Статус:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=1441230tomcat: Handling of HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection

EPSS

Процентиль: 95%
0.18596
Средний

7.5 High

CVSS3

Связанные уязвимости

CVSS3: 7.5
ubuntu
больше 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.

CVSS3: 7.5
nvd
больше 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.

CVSS3: 7.5
debian
больше 8 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handli ...

CVSS3: 7.5
github
около 3 лет назад

Improper Resource Shutdown or Release in Apache Tomcat

EPSS

Процентиль: 95%
0.18596
Средний

7.5 High

CVSS3