CVE-2017-5650

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-5650

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5650.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-5650

Aliases

GHSA-9785-w233-x6hv

Published

2017-04-17T16:59:00.430Z

Modified

2026-04-10T04:01:42.983384Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.

References

Affected packages

Git / github.com/apache/tomcat

Affected ranges

Type

GIT

Repo

https://github.com/apache/tomcat

Events

Introduced

Last affected

e37b977db6f47e4380ad67114a49e8568951c953

Introduced

Last affected

389365303d986b2a918bc95f39421b27a2c9ff30

Introduced

Last affected

f5dffa6e1148080fe5dc3690df917e805c72a714

Introduced

Last affected

bdd72e8bc872876689e41631e47942366ca03364

Introduced

Last affected

3e5565173dfe107f90419ab63bd4e2e7edc9deb4

Introduced

Last affected

c6a2c4ed296c7f8839b72e8e31cb53b84102d02c

Introduced

Last affected

61ff12fb282b1d00593b8d16e94ab8ec02f8d5be

Introduced

Last affected

b5205c92f41dfd9a67f78bc783db7b022e38226c

Introduced

Last affected

4178d385e09435a88ac34cf7025526b7f0055c55

Introduced

Last affected

80083369bb8178efc49374a65d7eb73465e77f8b

Introduced

Last affected

e14e9824c3087f79621a9796ddf9b3432be02858

Introduced

Last affected

20ec6f6f034bb5eebe4f1b52140b680aaff6f380

Introduced

Last affected

e95b65a27af4cd6681b6dc1bf17ee5abb897610d

Introduced

Last affected

29b07def810d335012e738b22ab44d4e232b50d1

Introduced

Last affected

10e04de1946981261a734507f4a6d953e2a206fe

Introduced

Last affected

65ddc3a3872ea41ca67fec7b6834c704b6893361

Introduced

Last affected

b5a74e3c7913c560648f0ffedfbbb3ebe4318def

Introduced

Last affected

de128d72af746184e035ff1b53629f08cb141a04

Introduced

Last affected

aac670afe1226e10513021100fce8a12344743c6

Introduced

Last affected

c2c8107f0cea4755497a85990807b883b66f6b57

Introduced

Last affected

8c48678b110f3fbbe66f6dde0e45d2578fa92c29

Introduced

Last affected

9c5edb840d9413c1408e7c191bc0e1bbfcd9e07f

Introduced

Last affected

59e713216cf2256aacc54f6ba627865f356f9e4e

Introduced

Last affected

18b014d8691909be6153ae7db022a6c35f9c93ea

Introduced

Last affected

d1dc05e934e089ea8907998cf850760017a0ed82

Introduced

Last affected

fd7f13635e6855f6ba3fead0bf37ba2fbf8b68cf

Introduced

Last affected

c7b84102600d600bcc527560d9c4d10c3fd440ab

Introduced

Last affected

d8ebf61e51b4455e3c226751e492a533f9002d48

Introduced

Last affected

aba238718ac9b149d25feaa9a14ecad3b0e3a5e2

Introduced

Last affected

fe854ab1f111396458d98fa2ab08c693ce9407e1

Introduced

Last affected

45f8fd74cdb96490fab8709263a4d862f0d429cf

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.9"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.5.12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone11"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone12"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone13"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone14"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone16"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone17"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone18"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "9.0.0-milestone9"
        }
    ]
}

Affected versions

8.*

8.5.0

8.5.1

8.5.10

8.5.11

8.5.12

8.5.2

8.5.3

8.5.4

8.5.5

8.5.6

8.5.7

8.5.8

8.5.9

9.*

9.0.0-M1

9.0.0-M10

9.0.0-M11

9.0.0-M12

9.0.0-M13

9.0.0-M14

9.0.0-M15

9.0.0-M16

9.0.0-M17

9.0.0-M18

9.0.0-M2

9.0.0-M3

9.0.0-M4

9.0.0-M5

9.0.0-M6

9.0.0-M7

9.0.0-M8

9.0.0-M9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-5650.json"