SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Web Server/CGI)  >   Apache Tomcat
Vendors:   Apache Software Foundation
Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1027729
SecurityTracker URL:  http://securitytracker.com/id/1027729
CVE Reference:   CVE-2012-2733
Date:  Nov 6 2012
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6.0.0 to 6.0.35, 7.0.0 to 7.0.27
Description:   A vulnerability was reported in Apache Tomcat. A remote user can cause denial of service conditions.

A remote user can send a specially crafted request with very large headers to trigger an OutOfMemoryError in the HTTP NIO connector.

Josh Spiewak reported this vulnerability.

Impact:   A remote user can cause excessive memory consumption on the target system.
Solution:   The vendor has issued a fix (6.0.36, 7.0.28).

The vendor's advisory is available at:

http://tomcat.apache.org/security-7.html

Vendor URL:  tomcat.apache.org/
Cause:   Resource error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 14 2012 (Oracle Issues Fix for Oracle Health Sciences LabPas) Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
Oracle has issued a fix for Oracle Health Sciences LabPas.
Feb 20 2013 (Red Hat Issues Fix) Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
Red Hat has issued a fix for JBoss Enterprise Web Server.
Feb 20 2013 (Red Hat Issues Fix) Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
Red Hat has issued a fix for JBoss Enterprise Web Server for Red Hat Enterprise Linux 5 and 6.
Feb 20 2013 (Oracle Issues Fix for Solaris) Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
Oracle has issued a fix for Solaris 11.1.
Apr 30 2013 (HP Issues Fix for HP Service Manager) Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
HP has issued a fix for HP Service Manager.
Apr 3 2014 (Oracle Issues Fix for Solaris) Apache Tomcat Header Processing Bug Lets Remote Users Deny Service
Oracle has issued a fix for Solaris 9, 10, and 11.1.



Source Message Contents

Subject:  [Full-disclosure] [SECURITY] CVE-2012-2733 Apache Tomcat Denial of Service

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2012-2733 Apache Tomcat Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.27
- Tomcat 6.0.0 to 6.0.35

Description:
The checks that limited the permitted size of request headers were
implemented too late in the request parsing process for the HTTP NIO
connector. This enabled a malicious user to trigger an
OutOfMemoryError by sending a single request with very large headers.
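The root cause stated above (and in the SecurityTracker description earlier on this page) is an ordering defect: the header-size limit existed, but it was evaluated only after the connector had already buffered whatever the client sent. The following Python example is added here to illustrate that failure mode and its fix; it is not Tomcat's code. Both readers, the constructed request bytes, the `CountingStream` wrapper and the `attempt` helper are hypothetical names chosen for this illustration. The "late check" reader mirrors the flawed ordering (buffer everything, then compare against the limit), while the "early check" reader enforces the limit on every read so the buffer can never grow past it.

```python
import io

CHUNK = 1024                 # bytes pulled from the socket per read
HEADER_END = b"\r\n\r\n"     # end of the HTTP/1.x header block
LIMIT = 8192                 # permitted header-block size (constructed value)


class HeaderTooLarge(Exception):
    """Raised when the request header block exceeds the configured limit."""


class CountingStream:
    """Wraps constructed request bytes and records how many bytes the
    server actually pulled off the 'wire' before it reached a decision."""

    def __init__(self, raw):
        self._buf = io.BytesIO(raw)
        self.delivered = 0

    def read(self, n):
        data = self._buf.read(n)
        self.delivered += len(data)
        return data


def parse_headers(block):
    """Minimal header parser: returns {lower-case name: value} for the
    header lines that follow the request line."""
    lines = block[:-len(HEADER_END)].split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("latin-1")
    return headers


def _find_end(buf, appended):
    # Only search the tail that could newly contain the terminator.
    return buf.find(HEADER_END, max(0, len(buf) - appended - len(HEADER_END) + 1))


def read_headers_late_check(stream, limit):
    """Flawed ordering: read until the header block is complete, THEN check
    its size. Peak buffering is bounded by what the client sends, not by
    `limit`, which is how a single request can exhaust the heap."""
    buf = bytearray()
    end = -1
    while end == -1:
        chunk = stream.read(CHUNK)
        if not chunk:
            raise ValueError("connection closed before end of headers")
        buf += chunk
        end = _find_end(buf, len(chunk))
    header_len = end + len(HEADER_END)
    if header_len > limit:          # too late: the memory is already allocated
        raise HeaderTooLarge(header_len)
    return parse_headers(bytes(buf[:header_len])), len(buf)


def read_headers_early_check(stream, limit):
    """Fixed ordering: the limit is enforced before each read, so the buffer
    never holds more than `limit` bytes regardless of client behaviour."""
    buf = bytearray()
    while True:
        end = _find_end(buf, len(buf))
        if end != -1:
            break
        if len(buf) >= limit:       # terminator not seen within the budget
            raise HeaderTooLarge(len(buf))
        chunk = stream.read(min(CHUNK, limit - len(buf)))
        if not chunk:
            raise ValueError("connection closed before end of headers")
        buf += chunk
    header_len = end + len(HEADER_END)
    return parse_headers(bytes(buf[:header_len])), len(buf)


def attempt(reader, raw, limit):
    """Run `reader` over constructed request bytes and report the outcome
    together with how many bytes were buffered before the decision."""
    stream = CountingStream(raw)
    try:
        headers, _ = reader(stream, limit)
        return "accepted", headers, stream.delivered
    except HeaderTooLarge:
        return "rejected", None, stream.delivered


# Constructed sample requests (not captured traffic).
SMALL_REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\nX-Trace: abc\r\n\r\n"
OVERSIZED_REQUEST = b"GET / HTTP/1.1\r\nX-Pad: " + b"A" * 200_000 + b"\r\n\r\n"

if __name__ == "__main__":
    for name, reader in (("late check", read_headers_late_check),
                         ("early check", read_headers_early_check)):
        status, _, buffered = attempt(reader, OVERSIZED_REQUEST, LIMIT)
        print(f"{name}: {status}, buffered {buffered} bytes of {len(OVERSIZED_REQUEST)}")
```

Both readers reject the oversized request, so a functional test of "is the limit enforced?" passes for each; the difference only shows up in how much memory is committed before the rejection, which is the quantity to measure when auditing a parser for this class of bug. In the server itself the fix is the vendor upgrade listed under Mitigation; the `limit` here plays the role of the header-size ceiling that Tomcat's HTTP connectors expose as the `maxHttpHeaderSize` attribute.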

Mitigation:
Users of affected versions should apply one of the following mitigations:
- Tomcat 7.0.x users should upgrade to 7.0.28 or later
- Tomcat 6.0.x users should upgrade to 6.0.36 or later

Credit:
This issue was identified by Josh Spiewak.

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Copyright 2019, SecurityGlobal.net LLC