The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

References

bugzilla.redhat.com/show_bug.cgi?id=1397474

cvelist 1

github 1

f5 2

nessus 9

osv 2

debiancve 1

cve 1

seebug 1

openvas 5

ubuntucve 1

prion 1

nvd 1

fedora 3

ibm 11

photon 1

tomcat 2

atlassian 2

oracle 1

cvelist

CVE-2016-6817

2017-08-10 22:00:00

github

Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

2022-05-14 01:10:16

SOL49160100 - Apache Tomcat vulnerability CVE-2016-6817

2016-12-02 00:00:00

K49160100 : Apache Tomcat vulnerability CVE-2016-6817

2016-12-02 00:00:00

nessus

Photon OS 1.0: Apache PHSA-2016-0011

2024-07-23 00:00:00

Fedora 24 : 1:tomcat (2016-a98c560116)

2016-12-16 00:00:00

Apache Tomcat 8.5.x < 8.5.8 / 9.0.0.x < 9.0.0.M13 Multiple Vulnerabilities

2017-01-24 00:00:00

osv

Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat

2022-05-14 01:10:16

CVE-2016-6817

2017-08-10 22:29:00

debiancve

CVE-2016-6817

2017-08-10 22:29:00

cve

CVE-2016-6817

2017-08-10 22:29:00

seebug

Apache Tomcat denial of service vulnerability, CVE-2016-6817）

2017-02-13 00:00:00

openvas

Apache Tomcat 'HTTP2' Denial of Service Vulnerability - Windows

2017-08-11 00:00:00

Apache Tomcat 'HTTP2' Denial of Service Vulnerability - Linux

2017-08-11 00:00:00

Fedora Update for tomcat FEDORA-2016-98cca07999

2016-12-16 00:00:00

ubuntucve

CVE-2016-6817

2017-08-10 00:00:00

prion

Design/Logic Flaw

2017-08-10 22:29:00

nvd

CVE-2016-6817

2017-08-10 22:29:00

fedora

[SECURITY] Fedora 25 Update: tomcat-8.0.39-1.fc25

2016-12-14 21:31:31

[SECURITY] Fedora 24 Update: tomcat-8.0.39-1.fc24

2016-12-14 22:57:34

[SECURITY] Fedora 23 Update: tomcat-8.0.39-1.fc23

2016-12-15 01:21:03

ibm

Security Bulletin: Vulnerabilities in Apache Tomcat affect Power Hardware Management Console (CVE-2016-6816, CVE-2016-6817, and CVE-2016-0762)

2021-09-23 01:31:39

Security Bulletin: Multiple vulnerabilities in Apache Tomcat affect SAN Volume Controller, Storwize family and FlashSystem V9000 products

2023-03-29 01:48:02

Security Bulletin: Vulnerabilities in Apache Tomcat affect the IBM FlashSystem model V840

2018-06-18 00:32:46

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2016-0011

2016-11-29 00:00:00

tomcat

Fixed in Apache Tomcat 8.5.8

2016-11-08 00:00:00

Fixed in Apache Tomcat 9.0.0.M13

2016-11-08 00:00:00

atlassian

Update bundled Apache Tomcat due to security vulnerabilities

2017-04-17 08:48:35

Update bundled Apache Tomcat due to security vulnerabilities

2017-04-17 08:48:35

oracle

Oracle Critical Patch Update Advisory - April 2017

2017-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

EPSS

0.025

Percentile

90.4%

JSON

Related for RH:CVE-2016-6817