PT-2014-3548 · Apache+4 · Apache Tomcat+4

Publicado

2014-06-24

Atualizado

2022-05-14

CVE-2014-0230

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 6.x through 6.0.43 Apache Tomcat versions 7.x through 7.0.54 Apache Tomcat versions 8.x through 8.0.8

Description The issue arises when an HTTP response occurs before the entire request body has been read, allowing remote attackers to cause a denial of service by consuming threads through a series of aborted upload attempts. By default, Tomcat swallows the remaining request body so that the next request on the connection may be processed, but there was no limit to the size of the request body that Tomcat would swallow, permitting a limited Denial of Service.

Recommendations For Apache Tomcat version 6.x, update to version 6.0.44 or later. For Apache Tomcat version 7.x, update to version 7.0.55 or later. For Apache Tomcat version 8.x, update to version 8.0.9 or later.

Correção

DoS

Resource Exhaustion

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399CWE-400

Identificadores relacionados

CESA-2016_2599

CVE-2014-0230

DLA-232-1

DSA-3447-1

DSA-3530-1

GHSA-PXCX-CXQ8-4MMW

RHSA-2015:1622

RHSA-2015:2659

RHSA-2015:2660

RHSA-2016:0595

RHSA-2016:0596

RHSA-2016:0597

RHSA-2016:0598

RHSA-2016:2599

RHSA-2016_2599

SUSE-SU-2015:1565-1

USN-2654-1

USN-2655-1

Produtos afetados

Apache Tomcat

Centos

Red Hat

Suse

Ubuntu

PT-2014-3548 · Apache+4 · Apache Tomcat+4

CVE-2014-0230

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 83