Apache Tomcat CVE-2017-5650 Denial of Service Vulnerability

description-logoDescription

The handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data. These waiting streams each consumed a thread. A malicious client could therefore construct a series of HTTP/2 requests that would consume all available processing threads.

affected-products-logoAffected Applications

Apache Tomcat

CVE References

CVE-2017-5650