PT-2005-4306 · Apache · Apache Tomcat

Published 2005-11-06 · Updated 2022-05-01 · CVE-2005-3510

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 5.5.0 through 5.5.11

Description

The issue allows remote attackers to cause a denial of service by consuming CPU resources via a large number of simultaneous requests to list a web directory that contains a large number of files. This is due to the expensive calls required to generate the content for the directory listings.

Recommendations

For Apache Tomcat versions 5.5.0 through 5.5.11, consider disabling directory listings to prevent exploitation, especially in directories with a large number of files. As a temporary workaround, keep the number of files in each directory to a minimum. A proposed patch is expected to improve performance by caching directory listings, which would be a more permanent solution.

Fix

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

CVE-2005-3510
GHSA-8F4W-JWQV-5CXC
RHSA-2007:0340
RHSA-2007:1069
RHSA-2008:0261
RHSA-2008:0524
RHSA-2010:0602

Affected Products

Apache Tomcat