fkie_cve-2017-5650
Vulnerability from fkie_nvd
Published
2017-04-17 16:59
Modified
2024-11-21 03:28
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.
References
security@apache.orghttp://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
security@apache.orghttp://www.securityfocus.com/bid/97531Third Party Advisory, VDB Entry
security@apache.orghttp://www.securitytracker.com/id/1038217
security@apache.orghttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738%40%3Cannounce.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://security.gentoo.org/glsa/201705-09
security@apache.orghttps://security.netapp.com/advisory/ntap-20180614-0001/
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/97531Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038217
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738%40%3Cannounce.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201705-09
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180614-0001/
Impacted products
Vendor Product Version
apache tomcat 8.5.0
apache tomcat 8.5.1
apache tomcat 8.5.2
apache tomcat 8.5.3
apache tomcat 8.5.4
apache tomcat 8.5.5
apache tomcat 8.5.6
apache tomcat 8.5.7
apache tomcat 8.5.8
apache tomcat 8.5.9
apache tomcat 8.5.10
apache tomcat 8.5.11
apache tomcat 8.5.12
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "69A7FC28-A0EC-4516-9776-700343D2F4DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "18814653-6D44-47D9-A2F5-89C5AFB255F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "D4D811A9-4988-4C11-AA27-F5BE2B93D8D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "FAEF824D-7E95-4BC1-8DBB-787DCE595E21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "97F4A2B3-DB1D-4D0B-B5FF-7EE2A0D291BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "0B461D5A-1208-498F-B551-46C6D514AC2B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "598E5D91-0165-4D55-9EDD-EBB5AAAD1172",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "4B6B61B7-09A3-41C8-8333-0417C14CC87E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "95A139BA-CD3C-42F5-88BA-BE7BE58246D7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.9:*:*:*:*:*:*:*",
                     matchCriteriaId: "876EADA5-60AD-4849-BE10-61C75AA75053",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.10:*:*:*:*:*:*:*",
                     matchCriteriaId: "1814F8DE-2060-411F-9FCC-6EC42AF5663D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.11:*:*:*:*:*:*:*",
                     matchCriteriaId: "1AF6DBF7-BB0A-4AE6-84DA-51428ACF47CD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:8.5.12:*:*:*:*:*:*:*",
                     matchCriteriaId: "A34F72ED-04FE-4EDE-BB18-BE8B1E99EEF1",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
                     matchCriteriaId: "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
                     matchCriteriaId: "89B129B2-FB6F-4EF9-BF12-E589A87996CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
                     matchCriteriaId: "8B6787B6-54A8-475E-BA1C-AB99334B2535",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
                     matchCriteriaId: "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
                     matchCriteriaId: "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
                     matchCriteriaId: "8A6DA0BE-908C-4DA8-A191-A0113235E99A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
                     matchCriteriaId: "39029C72-28B4-46A4-BFF5-EC822CFB2A4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
                     matchCriteriaId: "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
                     matchCriteriaId: "166C533C-0833-41D5-99B6-17A4FAB3CAF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
                     matchCriteriaId: "D3768C60-21FA-4B92-B98C-C3A2602D1BC4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
                     matchCriteriaId: "9F542E12-6BA8-4504-A494-DA83E7E19BD5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
                     matchCriteriaId: "C0C5F004-F7D8-45DB-B173-351C50B0EC16",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
                     matchCriteriaId: "D1902D2E-1896-4D3D-9E1C-3A675255072C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
                     matchCriteriaId: "49AAF4DF-F61D-47A8-8788-A21E317A145D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
                     matchCriteriaId: "454211D0-60A2-4661-AECA-4C0121413FEB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
                     matchCriteriaId: "0686F977-889F-4960-8E0B-7784B73A7F2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
                     matchCriteriaId: "558703AE-DB5E-4DFF-B497-C36694DD7B24",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
                     matchCriteriaId: "ED6273F2-1165-47A4-8DD7-9E9B2472941B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.",
      },
      {
         lang: "es",
         value: "En Apache Tomcat 9.0.0.M1 a 9.0.0.M18 y 8.5.0 a 8.5.12, el tratamiento de un marco HTTP/2 GOAWAY para una conexión que no cerró los flujos asociados con esa conexión que estaban esperando actualmente un WINDOW_UPDATE antes de permitir que la aplicación escriba más datos. Estos flujos de espera cada uno consumió un hilo. Un cliente malicioso podría construir una serie de peticiones HTTP/2 que consumirían todos los subprocesos de procesamiento disponibles.",
      },
   ],
   id: "CVE-2017-5650",
   lastModified: "2024-11-21T03:28:06.447",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 5,
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "NONE",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
               version: "3.0",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2017-04-17T16:59:00.430",
   references: [
      {
         source: "security@apache.org",
         url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
      },
      {
         source: "security@apache.org",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97531",
      },
      {
         source: "security@apache.org",
         url: "http://www.securitytracker.com/id/1038217",
      },
      {
         source: "security@apache.org",
         url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "security@apache.org",
         url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "security@apache.org",
         url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "security@apache.org",
         url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "security@apache.org",
         url: "https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738%40%3Cannounce.tomcat.apache.org%3E",
      },
      {
         source: "security@apache.org",
         url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "security@apache.org",
         url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "security@apache.org",
         url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "security@apache.org",
         url: "https://security.gentoo.org/glsa/201705-09",
      },
      {
         source: "security@apache.org",
         url: "https://security.netapp.com/advisory/ntap-20180614-0001/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/97531",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securitytracker.com/id/1038217",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738%40%3Cannounce.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0%40%3Cdev.tomcat.apache.org%3E",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.gentoo.org/glsa/201705-09",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://security.netapp.com/advisory/ntap-20180614-0001/",
      },
   ],
   sourceIdentifier: "security@apache.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-404",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.