PT-2018-11780 · Apache+5 · Apache Tomcat+5

Published: 2018-05-04 · Updated: 2024-06-15 · CVE-2018-1336

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 7.0.28 through 7.0.86
Apache Tomcat versions 8.0.0.RC1 through 8.0.51
Apache Tomcat versions 8.5.0 through 8.5.30
Apache Tomcat versions 9.0.0.M9 through 9.0.7

Description

Improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder, causing a Denial of Service.

Recommendations

For versions 7.0.28 through 7.0.86, update to a version outside of this range to resolve the issue.
For versions 8.0.0.RC1 through 8.0.51, update to a version outside of this range to resolve the issue.
For versions 8.5.0 through 8.5.30, update to a version outside of this range to resolve the issue.
For versions 9.0.0.M9 through 9.0.7, update to a version outside of this range to resolve the issue.

Exploit

Fix

DoS

Infinite Loop


Weakness Enumeration

Related Identifiers

ALT-PU-2019-1516
CESA-2018_2921
CVE-2018-1336
DLA-1491-1
DSA-4281-1
GHSA-M59C-JPC8-M2X4
MGASA-2018-0479
OPENSUSE-SU-2018_2740-1
OPENSUSE-SU-2018_3054-1
OPENSUSE-SU-2024:11468-1
OPENSUSE-SU-2024:13441-1
RHSA-2018:2701
RHSA-2018:2741
RHSA-2018:2742
RHSA-2018:2743
RHSA-2018:2921
RHSA-2018_2921
SUSE-SU-2018:2699-1
SUSE-SU-2018:3011-1
SUSE-SU-2018:3261-1
SUSE-SU-2018:3388-1
SUSE-SU-2018_2699-1
SUSE-SU-2018_3011-2
USN-3723-1
USN-4791-1

Affected Products

Alt Linux
Apache Tomcat
CentOS
Red Hat
SUSE
Ubuntu