CVE-2017-6056

{"id": "CVE-2017-6056", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-02-17T07:59:00.997", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2017-0517.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0826.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0827.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0828.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://rhn.redhat.com/errata/RHSA-2017-0829.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2017/dsa-3787", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2017/dsa-3788", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/96293", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1037860", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://bugs.debian.org/851304", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=60578", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/6b414817c2b0bf351138911c8c922ec5dd577ebc0b9a7f42d705752d%40%3Cissues.activemq.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.apache.org/thread.html/ac51944aef91dd5006b8510b0bef337adaccfe962fb90e7af9c22db4%40%3Cissues.activemq.apache.org%3E", "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-security-announce/2017/msg00038.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-security-announce/2017/msg00039.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security.netapp.com/advisory/ntap-20180731-0002/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-835"}]}], "descriptions": [{"lang": "en", "value": "It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu."}, {"lang": "es", "value": "Se descubri\u00f3 que un error de programaci\u00f3n en el procesamiento de solicitudes HTTPS en el servlet Apache Tomcat y en el motor JSP puede dar como resultado la denegaci\u00f3n de servicio a trav\u00e9s de un bucle infinito. La denegaci\u00f3n de servicio es f\u00e1cilmente alcanzable como consecuencia de backporting una correcci\u00f3n CVE-2016-6816 pero no backporting la correcci\u00f3n para el error 57544 de Tomcat. Las distribuciones afectadas por este problema de backporting incluyen Debian (en versiones anteriores a 7.0.56-3+deb8u8 y 8.0.14-1+deb8u7 en jessie) y Ubuntu."}], "lastModified": "2023-11-07T02:49:49.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084"}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}