The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2017-08-10T22:00:00Z
Updated: 2024-09-16T17:14:31.052Z
Reserved: 2016-08-12T00:00:00
Link: CVE-2016-6817
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-08-10T22:29:00.233
Modified: 2023-12-08T16:41:18.860
Link: CVE-2016-6817
Redhat