Apache Tomcat CVE-2016-6817 Denial of Service Vulnerability

Apache Tomcat is prone to a denial-of-service vulnerability.

Attackers may leverage this issue to cause denial-of-service conditions.

The following versions are affected:

Apache Tomcat 9.0.0.M1 through 9.0.0.M11
Apache Tomcat 8.5.0 through 8.5.6

Information

Bugtraq ID: 94462
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2016-6817

Remote: Yes
Local: No
Published: Nov 22 2016 12:00AM
Updated: Apr 19 2017 04:04PM
Credit: The vendor reported this issue.
Vulnerable: Oracle Solaris 11.3
Oracle Solaris 10
Oracle Secure Global Desktop 5.3
Oracle Secure Global Desktop 5.2
Oracle Secure Global Desktop 4.71
Apache Tomcat 8.5.6
Apache Tomcat 8.5.5
Apache Tomcat 8.5.4
Apache Tomcat 9.0.0M8
Apache Tomcat 9.0.0M6
Apache Tomcat 9.0.0.M9
Apache Tomcat 9.0.0.M7
Apache Tomcat 9.0.0.M5
Apache Tomcat 9.0.0.M4
Apache Tomcat 9.0.0.M3
Apache Tomcat 9.0.0.M2
Apache Tomcat 9.0.0.M11
Apache Tomcat 9.0.0.M10
Apache Tomcat 9.0.0.M1
Apache Tomcat 8.5.3
Apache Tomcat 8.5.2
Apache Tomcat 8.5.0

Not Vulnerable: Apache Tomcat 8.5.8
Apache Tomcat 9.0.0.M13

References:

• Apache Tomcat Homepage (Apache)
  
• Fixed in Apache Tomcat 8.0.32 (Apache)
  
• Fixed in Apache Tomcat 9.0.0.M3 (Apache)
  
• Oracle Critical Patch Update Advisory - April 2017 (Oracle)
  
• Oracle Solaris Third Party Bulletin - January 2017 (Oracle)
  

Source: www.securityfocus.com