CVE-2017-6056
Last modified
CVE-2017-6056 is a vulnerability of currently unknown severity. EPSS estimates a 7.49% chance of exploitation in the next 30 days.
Description
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 14.04 |
| Debian | Debian Linux | 8.0 |
References
- http://rhn.redhat.com/errata/RHSA-2017-0517.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2017-0826.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2017-0827.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2017-0828.html (Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2017-0829.html (Third Party Advisory)
- http://www.debian.org/security/2017/dsa-3787 (Third Party Advisory)
- http://www.debian.org/security/2017/dsa-3788 (Third Party Advisory)
- http://www.securityfocus.com/bid/96293 (Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1037860 (Third Party Advisory, VDB Entry)
- https://bugs.debian.org/851304 (Issue Tracking, Third Party Advisory)
- https://bz.apache.org/bugzilla/show_bug.cgi?id=60578 (Issue Tracking, Third Party Advisory)
- https://lists.debian.org/debian-security-announce/2017/msg00038.html (Third Party Advisory)
- https://lists.debian.org/debian-security-announce/2017/msg00039.html (Third Party Advisory)
- https://security.netapp.com/advisory/ntap-20180731-0002/ (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
