CVE-2016-6817

Summary

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Tomcat9.0.0.M1 to 9.0.0.M11affected
Apache Software FoundationApache Tomcat8.5.0 to 8.5.6affected

Weaknesses

  • Denial of Service

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References