PT-2005-4306 · Apache · Apache Tomcat

Published: 2005-11-06 · Updated: 2022-05-01 · CVE-2005-3510

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 5.5.0 through 5.5.11

Description

The issue allows remote attackers to cause a denial of service by consuming CPU resources via a large number of simultaneous requests to list a web directory that contains a large number of files. This is due to the expensive calls required to generate the content for the directory listings.

Recommendations

For Apache Tomcat versions 5.5.0 through 5.5.11, consider disabling directory listings to prevent exploitation, especially in directories with a large number of files. As a temporary workaround, keep the number of files in each directory to a minimum. A proposed patch is expected to improve performance by caching directory listings, which would be a more permanent solution.

Fix

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2005-3510
GHSA-8F4W-JWQV-5CXC
RHSA-2007:0340
RHSA-2007:1069
RHSA-2008:0261
RHSA-2008:0524
RHSA-2010:0602

Affected Products

Apache Tomcat