nvd-json-data-feeds/CVE-2016/CVE-2016-68xx/CVE-2016-6817.json

{
  "id": "CVE-2016-6817",
  "sourceIdentifier": "security@apache.org",
  "published": "2017-08-10T22:29:00.233",
  "lastModified": "2023-12-08T16:41:18.860",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible."
    },
    {
      "lang": "es",
      "value": "El parser de cabecera HTTP/2 en Apache Tomcat en sus versiones 9.0.0.M1 a 9.0.0.M11 y 8.5.0 a 8.5.6 entraba en un bucle infinito si la cabecera recibida era mayor que el b\u00fafer disponible. Esto hizo que fuese posible realizar un ataque de denegaci\u00f3n de servicio."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": true,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A7FC28-A0EC-4516-9776-700343D2F4DB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "18814653-6D44-47D9-A2F5-89C5AFB255F8"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D811A9-4988-4C11-AA27-F5BE2B93D8D4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAEF824D-7E95-4BC1-8DBB-787DCE595E21"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "97F4A2B3-DB1D-4D0B-B5FF-7EE2A0D291BB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B461D5A-1208-498F-B551-46C6D514AC2B"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "598E5D91-0165-4D55-9EDD-EBB5AAAD1172"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
              "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
              "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.securityfocus.com/bid/94462",
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "http://www.securitytracker.com/id/1037330",
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E",
      "source": "security@apache.org"
    },
    {
      "url": "https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3%40%3Cdev.tomcat.apache.org%3E",
      "source": "security@apache.org"
    },
    {
      "url": "https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a%40%3Cdev.tomcat.apache.org%3E",
      "source": "security@apache.org"
    },
    {
      "url": "https://lists.apache.org/thread.html/a9f24571460af003071475b75f18cad81ebcc36fa7c876965a75e32a%40%3Cannounce.tomcat.apache.org%3E",
      "source": "security@apache.org"
    },
    {
      "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E",
      "source": "security@apache.org"
    },
    {
      "url": "https://security.netapp.com/advisory/ntap-20180607-0001/",
      "source": "security@apache.org"
    }
  ]
}