tomcat-coyote is vulnerable to denial of service (DoS) attacks. The vulnerability is a result of backporting a fix for CVE-2016-6816 but not backporting the fix for the Tomcat bug 57544 which fails to handle an exceptional condition check for pos
while processing HTTPS requests in the Apache Tomcat servlet and JSP engine.
rhn.redhat.com/errata/RHSA-2017-0517.html
rhn.redhat.com/errata/RHSA-2017-0826.html
rhn.redhat.com/errata/RHSA-2017-0827.html
rhn.redhat.com/errata/RHSA-2017-0828.html
rhn.redhat.com/errata/RHSA-2017-0829.html
www.debian.org/security/2017/dsa-3787
www.debian.org/security/2017/dsa-3788
www.securityfocus.com/bid/96293
www.securitytracker.com/id/1037860
bugs.debian.org/851304
bugs.debian.org/cgi-bin/bugreport.cgi?bug=851304
bz.apache.org/bugzilla/show_bug.cgi?id=60578
github.com/apache/tomcat80/commit/614e7f78aecc429d8740bb59900c2f9fbc86a788
lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d@%3Cissues.activemq.apache.org%3E
lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4@%3Cissues.activemq.apache.org%3E
lists.debian.org/debian-security-announce/2017/msg00038.html
lists.debian.org/debian-security-announce/2017/msg00039.html
security.netapp.com/advisory/ntap-20180731-0002/