CVE-2017-5650 in Tomcat
Resumen (Inglés)
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Reservar
2017-01-29
Divulgación
2017-04-17
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 99569 | Apache Tomcat HTTP/2 GOAWAY Frame denegación de servicio | 399 | No está definido | Arreglo oficial | CVE-2017-5650 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV