In Apache Tomcat 900M1 to 900M18 and 850 to 8512, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data These waiting streams each consumed a thread A malicious client could therefore ...
Debian Bug report logs -
#860068
tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651
Package:
src:tomcat8;
Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 11 Apr 2017 04:45:02 UTC
Owne ...
Debian Bug report logs -
#860071
tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651
Package:
src:tomcat8;
Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 11 Apr 2017 04:51:02 UTC
Owne ...
Debian Bug report logs -
#860069
tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651
Package:
src:tomcat8;
Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 11 Apr 2017 04:48:01 UTC
Owne ...
Debian Bug report logs -
#860070
tomcat8: CVE-2017-5647, CVE-2017-5648, CVE-2017-5650, CVE-2017-5651
Package:
src:tomcat8;
Maintainer for src:tomcat8 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Tue, 11 Apr 2017 04:48:04 UTC
Owne ...
Summary
The handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data These waiting streams each consumed a thread A malicious client could therefore construct a series of HTTP/2 requests that would c ...
Symantec Network Protection products using affected versions of Apache Tomcat are susceptible to multiple security vulnerabilities A remote attacker, with access to the management interface, can obtain sensitive information from the server, modify information associated with a different web application, execute arbitrary code, modify server beha ...
Oracle Solaris Third Party Bulletin - April 2017
Description
The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when Oracle Critical Patch Upda ...
Oracle Critical Patch Update Advisory - July 2017 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...
Vulmon