High severity7.5NVD Advisory· Published Feb 17, 2017· Updated May 13, 2026
CVE-2017-6056
CVE-2017-6056
Description
It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.
Affected products
3cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 1 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
17- rhn.redhat.com/errata/RHSA-2017-0517.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2017-0826.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2017-0827.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2017-0828.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2017-0829.htmlnvdThird Party Advisory
- www.debian.org/security/2017/dsa-3787nvdThird Party Advisory
- www.debian.org/security/2017/dsa-3788nvdThird Party Advisory
- www.securityfocus.com/bid/96293nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1037860nvdThird Party AdvisoryVDB Entry
- bugs.debian.org/851304nvdIssue TrackingThird Party Advisory
- bz.apache.org/bugzilla/show_bug.cginvdIssue TrackingThird Party Advisory
- lists.debian.org/debian-security-announce/2017/msg00038.htmlnvdThird Party Advisory
- lists.debian.org/debian-security-announce/2017/msg00039.htmlnvdThird Party Advisory
- security.netapp.com/advisory/ntap-20180731-0002/nvdThird Party Advisory
- lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3Envd
- lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3Envd
- www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlnvd
News mentions
0No linked articles in our index yet.