Описание
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105.
The following versions were EOL at the time the CVE was created but are
known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions
may also be affected.
Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
A denial-of-service (DoS) vulnerability has been identified in Apache Tomcat, concerning its handling of upload limits. A remote attacker could exploit this flaw by sending a specially crafted request containing an excessively large number of multipart sections. This malicious request can trigger excessive memory consumption on the Tomcat server, ultimately leading to resource exhaustion and a denial-of-service condition.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Data Grid 8 | tomcat-catalina | Fix deferred | ||
| Red Hat Enterprise Linux 10 | mod_proxy_cluster | Fix deferred | ||
| Red Hat Enterprise Linux 6 | tomcat6 | Out of support scope | ||
| Red Hat Enterprise Linux 7 | tomcat | Out of support scope | ||
| Red Hat Enterprise Linux 8 | log4j:2/log4j | Fix deferred | ||
| Red Hat Enterprise Linux 8 | pki-deps:10.6/pki-servlet-engine | Fix deferred | ||
| Red Hat Enterprise Linux 9 | log4j | Fix deferred | ||
| Red Hat Enterprise Linux 9 | mod_proxy_cluster | Fix deferred | ||
| Red Hat Enterprise Linux 9 | pki-servlet-engine | Fix deferred | ||
| Red Hat Fuse 7 | tomcat-catalina | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 though 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue.
Allocation of Resources Without Limits or Throttling vulnerability in ...
EPSS
5.3 Medium
CVSS3