CVE-2017-5650

HIGH Year: 2017
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-404
View all →

Vulnerability Description

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.

Related Vulnerabilities

CVE-2010-4038

HIGH
CVSS:7.5(High)

The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspeci...

CWE-4042010

CVE-2012-2805

HIGH
CVSS:7.5(High)

Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.

CWE-4042012

CVE-2013-4133

HIGH
CVSS:7.5(High)

kde-workspace before 4.10.5 has a memory leak in plasma desktop

CWE-4042013

CVE-2014-125066

HIGH
CVSS:7.5(High)

A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument title leads to denial of service. The attac...

CWE-4042014

CVE-2015-10025

HIGH
CVSS:7.5(High)

A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the com...

CWE-4042015

CVE-2015-10085

HIGH
CVSS:7.5(High)

A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious deli...

CWE-4042015