Описание
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| tomcat11 | unfixed | package | ||
| tomcat10 | unfixed | package | ||
| tomcat9 | fixed | 9.0.70-2 | package |
Примечания
Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
https://lists.apache.org/thread/nzkqsok8t42qofgqfmck536mtyzygp18
https://github.com/apache/tomcat/commit/2b0ab14fb55d4edc896e5f1817f2ab76f714ae5e (11.0.8)
https://github.com/apache/tomcat/commit/cdde8e655bc1c5c60a07efd216251d77c52fd7f6 (10.1.42)
https://github.com/apache/tomcat/commit/ee8042ffce4cb9324dfd79efda5984f37bbb6910 (9.0.106)
EPSS
Связанные уязвимости
A denial-of-service (DoS) vulnerability has been identified in Apache Tomcat, concerning its handling of upload limits. A remote attacker could exploit this flaw by sending a specially crafted request containing an excessively large number of multipart sections. This malicious request can trigger excessive memory consumption on the Tomcat server, ultimately leading to resource exhaustion and a denial-of-service condition.
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
EPSS