VYPR
High severity7.5NVD Advisory· Published Aug 10, 2017· Updated Jun 17, 2026

CVE-2016-6817

CVE-2016-6817

Description

The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
>= 9.0.0.M1, < 9.0.0.M129.0.0.M12
org.apache.tomcat:tomcatMaven
>= 8.5.0, < 8.5.88.5.8

Affected products

20
  • Apache/Tomcat18 versions
    cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*+ 17 more
    • cpe:2.3:a:apache:tomcat:8.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 9.0.0.M1, < 9.0.0.M12
  • Apache Software Foundation/Apache Tomcatv5
    Range: 9.0.0.M1 to 9.0.0.M11

Patches

Vulnerability mechanics

References

20

News mentions

0

No linked articles in our index yet.