Описание
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
Отчет
This flaw affects Apache Tomcat 6.0.30 - 6.0.36 and 7.0.0 - 7.0.29. It does not affect JBoss Web.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tomcat5 | Not affected | ||
| Red Hat Enterprise Linux 6 | tomcat6 | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | jbossweb | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | eap-5 | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | tomcat5 | Not affected | ||
| Red Hat JBoss Enterprise Web Server 1 | tomcat6 | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 2 for RHEL 5 | apache-commons-daemon-eap6 | Fixed | RHSA-2013:1011 | 03.07.2013 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 5 | apache-commons-daemon-jsvc-eap6 | Fixed | RHSA-2013:1011 | 03.07.2013 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 5 | apache-commons-pool-eap6 | Fixed | RHSA-2013:1011 | 03.07.2013 |
| Red Hat JBoss Enterprise Web Server 2 for RHEL 5 | dom4j | Fixed | RHSA-2013:1011 | 03.07.2013 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properl ...
Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions
EPSS
4.3 Medium
CVSS2