[SECURITY] CVE-2017-5650 Apache Tomcat Denial of Service

CVE-2017-5650 Apache Tomcat Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M18
Apache Tomcat 8.5.0 to 8.5.12
Apache Tomcat 8.0.x and earlier are not affected
Description:
The handling of an HTTP/2 GOAWAY frame for a connection did not close
streams associated with that connection that were currently waiting for
a WINDOW_UPDATE before allowing the application to write more data.
These waiting streams each consumed a thread. A malicious client could
therefore construct a series of HTTP/2 requests that would consume all
available processing threads.
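
A simplified model of the thread-holding behaviour described above, added here as an illustration; it is not Tomcat's code. The class and function names are hypothetical, and a condition variable stands in for the HTTP/2 flow-control wait.

```python
import threading
import time

class Http2ConnectionModel:
    """Toy model: a stream that wants to write holds one worker thread
    until the peer grants flow-control window or the stream is closed."""

    def __init__(self, close_waiters_on_goaway):
        self.close_waiters_on_goaway = close_waiters_on_goaway
        self.cond = threading.Condition()
        self.window = 0              # no WINDOW_UPDATE received yet
        self.closed_streams = set()
        self.waiting = 0

    def write(self, stream_id):
        """Runs on a worker thread; blocks until window is granted or the stream closes."""
        with self.cond:
            self.waiting += 1
            self.cond.notify_all()   # let the observer see the new waiter
            self.cond.wait_for(
                lambda: self.window > 0 or stream_id in self.closed_streams)
            self.waiting -= 1

    def on_goaway(self, stream_ids):
        with self.cond:
            if self.close_waiters_on_goaway:   # modelled post-fix behaviour
                self.closed_streams.update(stream_ids)
                self.cond.notify_all()
            # Modelled pre-fix behaviour: waiters are never woken and keep their threads.

def threads_stuck_after_goaway(fixed, streams=8, settle=1.0):
    """Return how many worker threads are still blocked after GOAWAY is handled."""
    conn = Http2ConnectionModel(close_waiters_on_goaway=fixed)
    ids = list(range(1, 2 * streams, 2))       # client-initiated stream ids are odd
    workers = [threading.Thread(target=conn.write, args=(i,), daemon=True) for i in ids]
    for w in workers:
        w.start()
    with conn.cond:                            # wait until every stream is blocked
        conn.cond.wait_for(lambda: conn.waiting == streams)
    conn.on_goaway(ids)
    deadline = time.monotonic() + settle
    for w in workers:
        w.join(timeout=max(0.0, deadline - time.monotonic()))
    stuck = sum(w.is_alive() for w in workers)
    with conn.cond:                            # release the model's threads before returning
        conn.closed_streams.update(ids)
        conn.cond.notify_all()
    for w in workers:
        w.join()
    return stuck
```

With `fixed=False` every modelled worker stays blocked after GOAWAY; with `fixed=True` none do.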
Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 9.0.0.M19 or later
- Upgrade to Apache Tomcat 8.5.13 or later
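
An added triage helper, not part of the advisory, that classifies Tomcat version strings against the ranges listed above, including the 9.0.0 milestone numbering. The function names are hypothetical and the inventory is constructed sample data.

```python
import re

# Accepts "8.5.12", "Apache Tomcat/9.0.0.M17" or "Server number:  8.5.13.0".
_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.M(\d+))?")

def parse_tomcat_version(text):
    """Return (major, minor, patch, milestone); milestone is None if absent."""
    m = _VERSION.search(text)
    if not m:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    milestone = int(m.group(4)) if m.group(4) else None
    return major, minor, patch, milestone

def cve_2017_5650_status(text):
    """Classify a version string using only the ranges stated in the advisory."""
    major, minor, patch, milestone = parse_tomcat_version(text)
    if (major, minor) == (9, 0):
        if patch == 0 and milestone is not None:
            return "affected" if 1 <= milestone <= 18 else "fixed"
        return "fixed"            # anything after the 9.0.0 milestones is later than M19
    if (major, minor) == (8, 5):
        return "affected" if patch <= 12 else "fixed"
    if (major, minor) <= (8, 0):
        return "not affected"     # "8.0.x and earlier are not affected"
    return "not listed"           # release line not mentioned in the advisory

# Constructed sample inventory: host name -> reported version string.
SAMPLE_INVENTORY = {
    "app01": "Apache Tomcat/8.5.12",
    "app02": "Apache Tomcat/8.5.13",
    "app03": "Apache Tomcat/9.0.0.M18",
    "app04": "Apache Tomcat/9.0.0.M19",
    "app05": "Apache Tomcat/8.0.43",
    "app06": "Apache Tomcat/7.0.77",
}

def affected_hosts(inventory):
    """Return the sorted host names whose version falls in an affected range."""
    return sorted(host for host, version in inventory.items()
                  if cve_2017_5650_status(version) == "affected")

if __name__ == "__main__":
    for host, version in SAMPLE_INVENTORY.items():
        print(host, version, cve_2017_5650_status(version))
```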
Credit:
This issue was identified by Chun Han Hsiao and reported responsibly to
the Tomcat security team.
History:
2017-04-10 Original advisory
References:
[1] http://tomcat.apache.org/security-9.html
[2] http://tomcat.apache.org/security-8.html

Source: Apache

2017-04-10 22:53:13