CVE-2017-6056

Published: 17/02/2017 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (prior to 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Product

canonical ubuntu linux 12.04

debian debian linux 8.0

canonical ubuntu linux 14.04

Vendor Advisories

Debian Bug report logs - #851304: tomcat8 use 100% cpu time. Package: tomcat8; Maintainer for tomcat8 is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for tomcat8 is src:tomcat8 (PTS, buildd, popcon). Reported by: RickLinux <linuxtr3@gmail.com>. Date: Fri, 13 Jan 2017 20:21:02 UTC. Severi ...
Tomcat could be made to consume resources if it received specially crafted network traffic ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.14 update on RHEL 7. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vu ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.14 update on RHEL 6. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Important: Red Hat JBoss Enterprise Application Platform 6.4.14 update on RHEL 5. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5. Red Hat Product Security has rated this update as having a security impact of ...
Synopsis: Important: jboss-ec2-eap security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6. Red Hat Product Security has rated this update as having a security impac ...
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. For the stable distribution (jessie), this problem has been fixed in version 8.0.14-1+deb8u7. For the unstable distribution (sid), this problem will be fixed soon. We recomm ...
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. For the stable distribution (jessie), this problem has been fixed in version 7.0.56-3+deb8u8. We recommend that you upgrade your tomcat7 packages ...