Information Security

Additional information

  Multiple security vulnerabilities in Apache Tomcat

  [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure

  [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure

  [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure

  [SECURITY] CVE-2014-0095 Apache Tomcat denial of service

Date: May 29, 2014
Subject: [SECURITY] CVE-2014-0075 Apache Tomcat denial of service

CVE-2014-0075 Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Apache Tomcat 8.0.0-RC1 to 8.0.3
- Apache Tomcat 7.0.0 to 7.0.52
- Apache Tomcat 6.0.0 to 6.0.39

It was possible to craft a malformed chunk size as part of a chunked
request that enabled an unlimited amount of data to be streamed to the
server, bypassing the various size limits enforced on a request. This
enabled a denial of service attack.

Users of affected versions should apply one of the following mitigations:
- Upgrade to Apache Tomcat 8.0.5 or later
 (8.0.4 contains the fix but was not released)
- Upgrade to Apache Tomcat 7.0.53 or later
- Upgrade to Apache Tomcat 6.0.41 or later
 (6.0.40 contains the fix but was not released)

This issue was reported to the Tomcat security team by David Jorm of the
Red Hat Security Response Team.

[1] http://tomcat.apache.org/security-8.html
[2] http://tomcat.apache.org/security-7.html
[3] http://tomcat.apache.org/security-6.html
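
As an added example (not Tomcat's code or its fix, and not part of the advisory), here is one way a chunked-body decoder can refuse malformed chunk sizes and keep a total body limit in force regardless of what each chunk declares. The class name, the 8-digit cap on the size field and the sample inputs are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class StrictChunkedReader {
    static final int MAX_SIZE_DIGITS = 8; // assumed cap on hex digits per chunk-size line

    /** Parses one chunk-size line; rejects missing, over-long or non-hex sizes. */
    static long readChunkSize(InputStream in) throws IOException {
        long size = 0;
        int digits = 0, b;
        boolean inExtension = false;
        while ((b = in.read()) != '\r') {
            if (b < 0) throw new IOException("truncated chunk header");
            if (inExtension) continue;                 // ignore chunk extensions
            if (b == ';') { inExtension = true; continue; }
            int v = Character.digit(b, 16);
            if (v < 0) throw new IOException("non-hex byte in chunk size");
            if (++digits > MAX_SIZE_DIGITS) throw new IOException("chunk size too long");
            size = (size << 4) | v;                    // at most 32 bits, cannot wrap a long
        }
        if (in.read() != '\n') throw new IOException("bad line ending");
        if (digits == 0) throw new IOException("missing chunk size");
        return size;
    }

    /** Returns the decoded body length; maxBody is enforced across all chunks. */
    static long decode(InputStream in, long maxBody) throws IOException {
        long total = 0;
        for (long size; (size = readChunkSize(in)) != 0; total += size) {
            if (size > maxBody - total) throw new IOException("body exceeds limit");
            for (long left = size; left > 0; left--)
                if (in.read() < 0) throw new IOException("truncated chunk");
            if (in.read() != '\r' || in.read() != '\n') throw new IOException("missing CRLF");
        }
        return total; // assumes no trailer section follows the last chunk
    }

    public static void main(String[] args) {
        // Constructed sample bodies: one valid, three that must be refused.
        String[] samples = { "5\r\nhello\r\n0\r\n\r\n", "000000000000000005\r\nhello\r\n0\r\n\r\n",
                             "-5\r\nhello\r\n0\r\n\r\n", "5\r\nhello\r\n5\r\nworld\r\n0\r\n\r\n" };
        for (String s : samples) {
            try {
                InputStream in = new ByteArrayInputStream(s.getBytes(StandardCharsets.US_ASCII));
                System.out.println("accepted, body bytes: " + decode(in, 8));
            } catch (IOException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The limit check compares each declared size against the remaining budget before any chunk data is consumed, so the cap holds across the whole request rather than per chunk.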
