CVE-2018-1336

Опубликовано: 22 июл. 2018

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

Отчет

Fuse 6.3 and 7 standalone distributions ship but do not use tomcat, and as such are not affected by this flaw; however, Fuse Integration Services 2.0 and Fuse 7 on OpenShift provide the affected artifacts via their respective maven repositories, and will provide fixes for this issue in a future release.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat AMQ Broker 7	tomcat	Affected
Red Hat BPM Suite 6	tomcat	Not affected
Red Hat Enterprise Linux 6	tomcat6	Not affected
Red Hat JBoss BRMS 5	jbossweb	Not affected
Red Hat JBoss BRMS 6	tomcat	Not affected
Red Hat JBoss Data Grid 6	jbossweb	Not affected
Red Hat JBoss Data Grid 7	tomcat	Not affected
Red Hat JBoss Data Virtualization 6	jbossweb	Out of support scope
Red Hat JBoss Enterprise Application Platform 5	jbossweb	Not affected
Red Hat JBoss Enterprise Web Server 2	tomcat6	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=1607591tomcat: A bug in the UTF-8 decoder can lead to DoS

EPSS

Процентиль: 88%

0.0393

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2018-1336

CVSS3: 7.5

ubuntu

около 7 лет назад

CVE-2018-1336

CVSS3: 7.5

nvd

около 7 лет назад

CVE-2018-1336

CVSS3: 7.5

debian

около 7 лет назад

An improper handing of overflow in the UTF-8 decoder with supplementar ...

GHSA-m59c-jpc8-m2x4

CVSS3: 7.5

github

почти 7 лет назад

In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder

ELSA-2018-2921

oracle-oval

почти 7 лет назад

ELSA-2018-2921: tomcat security update (IMPORTANT)

EPSS

Процентиль: 88%

0.0393

Низкий

7.5 High

CVSS3