The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity.
The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and 8.5.0 to 8.5.6 entered an infinite loop if a header was received that was larger than the available buffer. This made a denial of service attack possible.
CVSS v2
Base Score: 5
Impact Score: 2.9
Exploitability Score: 10

CVSS v3
Base Score: 7.5
Impact Score: 3.6
Exploitability Score: 3.9

| ID | Name | Product | Family |
|---|---|---|---|
| 111845 | Photon OS 1.0: Apache / Mercurial PHSA-2016-0011 (deprecated) | Nessus | PhotonOS Local Security Checks |
| 99930 | Oracle Secure Global Desktop Multiple Vulnerabilities (April 2017 CPU) (SWEET32) | Nessus | Misc. |
| 9906 | Apache Tomcat 8.5.x < 8.5.8 / 9.0.0.x < 9.0.0.M13 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers |
| 95904 | Fedora 24 : 1:tomcat (2016-a98c560116) | Nessus | Fedora Local Security Checks |
| 95830 | Fedora 23 : 1:tomcat (2016-9c33466fbb) | Nessus | Fedora Local Security Checks |
| 95829 | Fedora 25 : 1:tomcat (2016-98cca07999) | Nessus | Fedora Local Security Checks |
| 95438 | Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple Vulnerabilities | Nessus | Web Servers |