Описание
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
It was found that Tomcat would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections and preventing further, legitimate connections to the Tomcat server to be made.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | tomcat5 | Will not fix | ||
| Red Hat Enterprise Linux 6 | tomcat6 | Not affected | ||
| Red Hat JBoss BRMS 5 | jbossweb | Under investigation | ||
| Red Hat JBoss Data Grid 6 | jbossweb | Affected | ||
| Red Hat JBoss Data Virtualization 6 | jbossweb | Affected | ||
| Red Hat JBoss Enterprise Application Platform 4 | jbossweb | Will not fix | ||
| Red Hat JBoss Enterprise Application Platform 5 | jbossweb | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | tomcat5 | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | tomcat6 | Will not fix | ||
| Red Hat JBoss Fuse Service Works 6 | jbossweb | Under investigation |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5 Medium
CVSS2
Связанные уязвимости
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0 ...
EPSS
5 Medium
CVSS2