[SECURITY] CVE-2017-5650 Apache Tomcat Denial of Service





CVE-2017-5650 Apache Tomcat Denial of Service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.0.M18
Apache Tomcat 8.5.0 to 8.5.12
Apache Tomcat 8.0.x and earlier are not affected
Description:
The handling of an HTTP/2 GOAWAY frame for a connection did not close
streams associated with that connection that were currently waiting for
a WINDOW_UPDATE before allowing the application to write more data.
These waiting streams each consumed a thread. A malicious client could
therefore construct a series of HTTP/2 requests that would consume all
available processing threads.
Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 9.0.0.M19 or later
- Upgrade to Apache Tomcat 8.5.13 or later
Credit:
This issue was identified by Chun Han Hsiao and reported responsibly to
the Tomcat security team.
History:
2017-04-10 Original advisory
References:
[1] http://tomcat.apache.org/security-9.html
[2] http://tomcat.apache.org/security-8.html
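The mitigation above is a version check: an instance is affected only if it runs 9.0.0.M1 through 9.0.0.M18 or 8.5.0 through 8.5.12, and milestone builds (`9.0.0.M18`) must sort before the eventual `9.0.0` GA release for the comparison to come out right. The following Python script is an added example, not part of the advisory or of Tomcat itself; it parses the `Apache Tomcat/x.y.z` string that Tomcat's `version.sh` and `ServerInfo` print (the sample lines below are constructed) and reports whether each instance needs the upgrade named in the advisory.

```python
import re
from typing import List, Optional, Tuple

# (major, minor, patch, milestone) where milestone is None for a GA release.
Version = Tuple[int, int, int, Optional[int]]

# Inclusive affected ranges, taken directly from the advisory text.
AFFECTED_RANGES = [
    ((9, 0, 0, 1), (9, 0, 0, 18)),        # Apache Tomcat 9.0.0.M1 to 9.0.0.M18
    ((8, 5, 0, None), (8, 5, 12, None)),  # Apache Tomcat 8.5.0 to 8.5.12
]
# First fixed release per affected branch, also from the advisory.
FIXED_IN = {9: "9.0.0.M19", 8: "8.5.13"}

# Matches "9.0.0.M18", "8.5.12", "8.0.44"; the milestone suffix is optional.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.M(\d+))?")

# Sentinel larger than any milestone number, so 9.0.0 (GA) sorts after 9.0.0.M18.
_GA = 10**6


def parse_version(text: str) -> Optional[Version]:
    """Extract a Tomcat version tuple from a line such as
    'Server version: Apache Tomcat/9.0.0.M18'. Returns None if no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    milestone = int(m.group(4)) if m.group(4) else None
    return (major, minor, patch, milestone)


def sort_key(v: Version) -> Tuple[int, int, int, int]:
    """Total order in which every milestone precedes the GA build of the same number."""
    major, minor, patch, milestone = v
    return (major, minor, patch, _GA if milestone is None else milestone)


def is_affected(v: Version) -> bool:
    """True if v falls inside one of the advisory's affected ranges (inclusive)."""
    k = sort_key(v)
    return any(sort_key(lo) <= k <= sort_key(hi) for lo, hi in AFFECTED_RANGES)


def format_version(v: Version) -> str:
    major, minor, patch, milestone = v
    base = f"{major}.{minor}.{patch}"
    return base if milestone is None else f"{base}.M{milestone}"


def assess(server_line: str) -> str:
    """One-line verdict for a version string, naming the fixed release to move to."""
    v = parse_version(server_line)
    if v is None:
        return "unrecognised version string"
    if is_affected(v):
        return (f"{format_version(v)}: AFFECTED by CVE-2017-5650, "
                f"upgrade to {FIXED_IN[v[0]]} or later")
    return f"{format_version(v)}: not affected"


def assess_all(lines: List[str]) -> List[str]:
    return [assess(line) for line in lines]


if __name__ == "__main__":
    # Constructed sample output, in the format Tomcat's version.sh prints.
    SAMPLE = [
        "Server version: Apache Tomcat/9.0.0.M18",
        "Server version: Apache Tomcat/9.0.0.M19",
        "Server version: Apache Tomcat/8.5.12",
        "Server version: Apache Tomcat/8.5.13",
        "Server version: Apache Tomcat/8.0.44",
    ]
    for verdict in assess_all(SAMPLE):
        print(verdict)
```

The check also treats any 9.0.0 GA build and the 8.0.x line as not affected, matching the advisory's statement that 8.0.x and earlier are unaffected; the only ordering subtlety is the milestone sentinel, without which a naive string or tuple comparison would place `9.0.0` before `9.0.0.M1`.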

Source: Apache

2017-04-10 22:53:13
Web PHP developer Milan Jankovec

