PT-2018-11780 · Apache · Apache Tomcat

Published: 2018-05-04 · Updated: 2024-06-15 · CVE-2018-1336

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 7.0.28 through 7.0.86
Apache Tomcat versions 8.0.0.RC1 through 8.0.51
Apache Tomcat versions 8.5.0 through 8.5.30
Apache Tomcat versions 9.0.0.M9 through 9.0.7

Description

Improper handling of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder, causing a Denial of Service.

Recommendations

For versions 7.0.28 through 7.0.86, update to a version outside of this range to resolve the issue.
For versions 8.0.0.RC1 through 8.0.51, update to a version outside of this range to resolve the issue.
For versions 8.5.0 through 8.5.30, update to a version outside of this range to resolve the issue.
For versions 9.0.0.M9 through 9.0.7, update to a version outside of this range to resolve the issue.

Exploit

Fix

DoS

Infinite Loop

Related Identifiers

ALT-PU-2019-1516
CESA-2018_2921
CVE-2018-1336
DLA-1491-1
DSA-4281-1
GHSA-M59C-JPC8-M2X4
MGASA-2018-0479
OPENSUSE-SU-2018_2740-1
OPENSUSE-SU-2018_3054-1
OPENSUSE-SU-2024:11468-1
OPENSUSE-SU-2024:13441-1
RHSA-2018:2701
RHSA-2018:2741
RHSA-2018:2742
RHSA-2018:2743
RHSA-2018:2921
RHSA-2018_2921
SUSE-SU-2018:2699-1
SUSE-SU-2018:3011-1
SUSE-SU-2018:3261-1
SUSE-SU-2018:3388-1
SUSE-SU-2018_2699-1
SUSE-SU-2018_3011-2
USN-3723-1
USN-4791-1

Affected Products

ALT Linux
Apache Tomcat
CentOS
Red Hat
SUSE
Ubuntu