CVE-2017-5650

First published: Mon Apr 17 2017(Updated: )

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.

Credit: security@apache.org security@apache.org security@apache.org

Affected Software	Affected Version	How to fix
Apache Tomcat	=8.5.0
Apache Tomcat	=8.5.1
Apache Tomcat	=8.5.2
Apache Tomcat	=8.5.3
Apache Tomcat	=8.5.4
Apache Tomcat	=8.5.5
Apache Tomcat	=8.5.6
Apache Tomcat	=8.5.7
Apache Tomcat	=8.5.8
Apache Tomcat	=8.5.9
Apache Tomcat	=8.5.10
Apache Tomcat	=8.5.11
Apache Tomcat	=8.5.12
Apache Tomcat	=9.0.0-m1
Apache Tomcat	=9.0.0-m10
Apache Tomcat	=9.0.0-m11
Apache Tomcat	=9.0.0-m12
Apache Tomcat	=9.0.0-m13
Apache Tomcat	=9.0.0-m14
Apache Tomcat	=9.0.0-m15
Apache Tomcat	=9.0.0-m16
Apache Tomcat	=9.0.0-m17
Apache Tomcat	=9.0.0-m18
Apache Tomcat	=9.0.0-m2
Apache Tomcat	=9.0.0-m3
Apache Tomcat	=9.0.0-m4
Apache Tomcat	=9.0.0-m5
Apache Tomcat	=9.0.0-m6
Apache Tomcat	=9.0.0-m7
Apache Tomcat	=9.0.0-m8
Apache Tomcat	=9.0.0-m9
Apache Tomcat	=9.0.0-milestone1
Apache Tomcat	=9.0.0-milestone10
Apache Tomcat	=9.0.0-milestone11
Apache Tomcat	=9.0.0-milestone12
Apache Tomcat	=9.0.0-milestone13
Apache Tomcat	=9.0.0-milestone14
Apache Tomcat	=9.0.0-milestone15
Apache Tomcat	=9.0.0-milestone16
Apache Tomcat	=9.0.0-milestone17
Apache Tomcat	=9.0.0-milestone18
Apache Tomcat	=9.0.0-milestone2
Apache Tomcat	=9.0.0-milestone3
Apache Tomcat	=9.0.0-milestone4
Apache Tomcat	=9.0.0-milestone5
Apache Tomcat	=9.0.0-milestone6
Apache Tomcat	=9.0.0-milestone7
Apache Tomcat	=9.0.0-milestone8
Apache Tomcat	=9.0.0-milestone9
maven/org.apache.tomcat:tomcat	>=8.5.0<=8.5.12	8.5.13
maven/org.apache.tomcat:tomcat	>=9.0.0.M1<=9.0.0.M18	9.0.0.M19
	=8.5.0
	=8.5.1
	=8.5.2
	=8.5.3
	=8.5.4
	=8.5.5
	=8.5.6
	=8.5.7
	=8.5.8
	=8.5.9
	=8.5.10
	=8.5.11
	=8.5.12
	=9.0.0-milestone1
	=9.0.0-milestone10
	=9.0.0-milestone11
	=9.0.0-milestone12
	=9.0.0-milestone13
	=9.0.0-milestone14
	=9.0.0-milestone15
	=9.0.0-milestone16
	=9.0.0-milestone17
	=9.0.0-milestone18
	=9.0.0-milestone2
	=9.0.0-milestone3
	=9.0.0-milestone4
	=9.0.0-milestone5
	=9.0.0-milestone6
	=9.0.0-milestone7
	=9.0.0-milestone8
	=9.0.0-milestone9

CVE-2017-5650

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact