CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5650

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.186

EPSS Ranking 95.0%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2017-5650

Apache » Tomcat » Version: 8.5.0

cpe:2.3:a:apache:tomcat:8.5.0
Apache » Tomcat » Version: 8.5.1

cpe:2.3:a:apache:tomcat:8.5.1
Apache » Tomcat » Version: 8.5.10

cpe:2.3:a:apache:tomcat:8.5.10
Apache » Tomcat » Version: 8.5.11

cpe:2.3:a:apache:tomcat:8.5.11
Apache » Tomcat » Version: 8.5.12

cpe:2.3:a:apache:tomcat:8.5.12
Apache » Tomcat » Version: 8.5.2

cpe:2.3:a:apache:tomcat:8.5.2
Apache » Tomcat » Version: 8.5.3

cpe:2.3:a:apache:tomcat:8.5.3
Apache » Tomcat » Version: 8.5.4

cpe:2.3:a:apache:tomcat:8.5.4
Apache » Tomcat » Version: 8.5.5

cpe:2.3:a:apache:tomcat:8.5.5
Apache » Tomcat » Version: 8.5.6

cpe:2.3:a:apache:tomcat:8.5.6
Apache » Tomcat » Version: 8.5.7

cpe:2.3:a:apache:tomcat:8.5.7
Apache » Tomcat » Version: 8.5.8

cpe:2.3:a:apache:tomcat:8.5.8
Apache » Tomcat » Version: 8.5.9

cpe:2.3:a:apache:tomcat:8.5.9
Apache » Tomcat » Version: 9.0.0

cpe:2.3:a:apache:tomcat:9.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5650

Products

Pricing

Contact Us