#VU1185 Denial of service in Apache Tomcat - CVE-2016-6817

Cybersecurity Help s.r.o.

Published: 2016-11-22

Vulnerability identifier: #VU1185

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2016-6817

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Apache Tomcat
Server applications / Web servers

Vendor: Apache Foundation

Description

The vulnerability allows a remote attacker to perform a DoS attack.

The vulnerability exists due to boundary error when parsing HTTP/2 headers. A remote attacker can send a specially crafted HTTP/2 header longer than available buffer and trigger infinite loop.

Successful exploitation of the vulnerability may result in denial of service.

Mitigation
Update to version 9.0.0.M13.

Vulnerable software versions

Apache Tomcat: 9.0.0-M1 - 9.0.0-M11

External links
https://tomcat.apache.org/security-9.html
https://svn.apache.org/viewvc?view=rev&rev=1765794

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM FlashSystem models 840 and 900

Multiple vulnerabilities in Dell EMC Cloud Tiering Appliance

Multiple vulnerabilities in SAN Volume Controller, Storwize family and FlashSystem V9000 products

Fedora 25 update for tomcat

Fedora 23 update for tomcat

Fedora 24 update for tomcat

Multiple vulnerabilities in Apache Tomcat