CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.013 Low
Percentile: 85.8%

Package : tomcat7
Version : 7.0.28-4+deb7u11
CVE ID : CVE-2017-6056
Debian Bug : 854551

The update for tomcat7 issued as DLA-823-1 caused the server to
return HTTP 400 errors under certain circumstances. Updated packages are
now available to correct this issue. For reference, the original
advisory text follows.

It was discovered that a programming error in the processing of HTTPS
requests in the Apache Tomcat servlet and JSP engine may result in
denial of service via an infinite loop.

For Debian 7 "Wheezy", these problems have been fixed in version
7.0.28-4+deb7u11.

We recommend that you upgrade your tomcat7 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 8 | all | tomcat8-common | < 8.0.14-1+deb8u7 | tomcat8-common_8.0.14-1+deb8u7_all.deb |
Debian | 8 | all | tomcat7-admin | < 7.0.56-3+deb8u8 | tomcat7-admin_7.0.56-3+deb8u8_all.deb |
Debian | 8 | all | tomcat8 | < 8.0.14-1+deb8u7 | tomcat8_8.0.14-1+deb8u7_all.deb |
Debian | 7 | all | libtomcat7-java | < 7.0.28-4+deb7u10 | libtomcat7-java_7.0.28-4+deb7u10_all.deb |
Debian | 7 | all | tomcat7-docs | < 7.0.28-4+deb7u10 | tomcat7-docs_7.0.28-4+deb7u10_all.deb |
Debian | 8 | all | libtomcat7-java | < 7.0.56-3+deb8u8 | libtomcat7-java_7.0.56-3+deb8u8_all.deb |
Debian | 7 | all | libservlet3.0-java-doc | < 7.0.28-4+deb7u10 | libservlet3.0-java-doc_7.0.28-4+deb7u10_all.deb |
Debian | 7 | all | tomcat7-user | < 7.0.28-4+deb7u11 | tomcat7-user_7.0.28-4+deb7u11_all.deb |
Debian | 7 | all | tomcat7 | < 7.0.28-4+deb7u10 | tomcat7_7.0.28-4+deb7u10_all.deb |
Debian | 7 | all | tomcat7-docs | < 7.0.28-4+deb7u11 | tomcat7-docs_7.0.28-4+deb7u11_all.deb |