VDB
CVE-2016-6817
CVE-2016-6817
PUBLISHED
CVSS 8.699999809265137 HIGH
Es existiert eine Denial of Service Schwachstelle in Apache Tomcat im Zusammenhang mit dem HTTP/2 Header Parser. Diese Schwachstelle beruht auf einer fehlerhaften Verarbeitung von HTTP/2 Headern, wenn ein empfangener Header größer als der verfügbare Puffer ist. Ein entfernter anonymer Angreifer kann diese Schwachstelle durch Übermitteln eines speziell gestalteten HTTP Pakets ausnutzen, um einen Denial of Service Zustand des HTTP/2 Header Parser herbeizuführen.
EPSS 0.76% · 73.7th percentile
Risk Scores
CVSS v4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.76%
73.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | Oracle Linux | |
| Apache | Apache Tomcat <9.0.0.M13 | |
| Debian | Debian Linux | |
| Red Hat | Red Hat Enterprise Linux | |
| Ubuntu | Ubuntu Linux | |
| Apache | Apache Tomcat <8.0.39 |
Exploit Intelligence
- https://www.exploit-db.com/exploits/41783/ (certbund)
Timeline
- Nov 22, 2016 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 30, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0528.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0528 advisory
- https://www.dell.com/support/kbdoc/000222618/dsa-2024-= advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2016/wid-sec-w-2025-0215.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0215 advisory
- http://seclists.org/oss-sec/2016/q4/501 advisory
- http://seclists.org/oss-sec/2016/q4/502 advisory
- http://seclists.org/oss-sec/2016/q4/503 advisory
- http://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.0.M13 advisory
- http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.39 advisory
- http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.73 advisory
- http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.48 advisory
- https://support.f5.com/kb/en-us/solutions/public/k/50/sol50116122.html advisory
- https://support.f5.com/kb/en-us/solutions/public/k/49/sol49820145.html advisory
- https://support.f5.com/kb/en-us/solutions/public/k/49/sol49160100.html advisory
- https://www.suse.com/support/update/announcement/2016/suse-su-20163079-1.html advisory
- https://www.suse.com/support/update/announcement/2016/suse-su-20163081-1.html advisory
- https://www.debian.org/security/2016/dsa-3739 advisory
- https://www.debian.org/security/2016/dsa-3738 advisory
- http://www.ubuntu.com/usn/usn-3177-1/ advisory
…and 13 more