CVE-2016-6817
Published: Aug 10, 2017
Modified: Oct 15, 2024
PUBLISHED
Description
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Tomcat | affected 9.0.0.M1 to 9.0.0.M11; affected 8.5.0 to 8.5.6 |
References
1037330
vdb-entry
x_refsource_SECTRACK
[announce] 20161122 [SECURITY] CVE-2016-6817 Apache Tomcat Denial of Service
mailing-list
x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20180607-0001/
x_refsource_CONFIRM
94462
vdb-entry
x_refsource_BID
[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190413 svn commit: r1857494 [17/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190415 svn commit: r1857582 [19/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST