Denial of service in Apache Tomcat

#VU1185 Denial of service in Apache Tomcat

Cybersecurity Help s.r.o.

Published: 2016-11-22

Vulnerability identifier: #VU1185

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-6817

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache Tomcat
Server applications / Web servers

Vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to perform a DoS attack.

The vulnerability exists due to boundary error when parsing HTTP/2 headers. A remote attacker can send a specially crafted HTTP/2 header longer than available buffer and trigger infinite loop.

Successful exploitation of the vulnerability may result in denial of service.

Mitigation
Update to version 9.0.0.M13.

Vulnerable software versions

Apache Tomcat: 9.0.0-M1 - 9.0.0-M11

External links
http://tomcat.apache.org/security-9.html
http://svn.apache.org/viewvc?view=rev&rev=1765794

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM FlashSystem models 840 and 900

Multiple vulnerabilities in Dell EMC Cloud Tiering Appliance

Multiple vulnerabilities in SAN Volume Controller, Storwize family and FlashSystem V9000 products

Multiple vulnerabilities in Apache Tomcat