Home > Vulnerability Database > CVE-2017-6056

Mend.io Vulnerability Database

CVE-2017-6056

Good to know:

Date: February 17, 2017

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Language: Java

Severity Score

7.5

Related Resources (20)

Url: https://bugs.debian.org/851304

Url: https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-6056

Url: http://rhn.redhat.com/errata/RHSA-2017-0826.html

Url: https://security.netapp.com/advisory/ntap-20180731-0002/

Url: https://lists.debian.org/debian-security-announce/2017/msg00039.html

Url: http://www.securityfocus.com/bid/96293

Url: https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2017-6056

Url: http://rhn.redhat.com/errata/RHSA-2017-0517.html

Url: https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2017-0828.html

Url: http://www.securitytracker.com/id/1037860

Url: http://www.debian.org/security/2017/dsa-3788

Url: http://www.debian.org/security/2017/dsa-3787

Url: http://rhn.redhat.com/errata/RHSA-2017-0827.html

Url: https://bz.apache.org/bugzilla/show_bug.cgi?id=60578

Url: http://rhn.redhat.com/errata/RHSA-2017-0829.html

Url: https://lists.debian.org/debian-security-announce/2017/msg00038.html

Url: https://www.mend.io/vulnerability-database/CVE-2017-6056

Severity Score

7.5

Weakness Type (CWE)

Data Handling

CWE-19

Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-835

Top Fix

Upgrade Version

Upgrade to version 7.0.56-3+deb8u8,8.0.14-1+deb8u7

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-6056

Good to know:

Date: February 17, 2017

Language: Java

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?