SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Apache Tomcat
Vendors:   Apache Software Foundation
Apache Tomcat Request Processing Lets Remote Users Deny Service
SecurityTracker Alert ID:  1032079
SecurityTracker URL:  http://securitytracker.com/id/1032079
CVE Reference:   CVE-2014-0230
Updated:  May 6 2015
Original Entry Date:  Apr 11 2015
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 7.0.x
Description:   A vulnerability was reported in Apache Tomcat. A remote user can cause denial of service conditions on the target system.

A remote user can send a specially crafted request to temporarily consume excessive CPU resources on the target system.

AntBean@secdig from the Baidu Security Team reported this vulnerability.

Impact:   A remote user can consume excessive memory on the target system.
Solution:   The vendor has issued a fix (6.0.44, 7.0.55, 8.0.9).

A source code fix is also available at:

http://svn.apache.org/viewvc?view=revision&revision=1603781

The vendor's advisory is available at:

http://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9

Vendor URL:  tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.0.9
Cause:   Resource error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jul 30 2015 (Blue Coat Systems Issues Fix for Blue Coat Director) Apache Tomcat Request Processing Lets Remote Users Deny Service
Blue Coat Systems has issued a fix for Blue Coat Director.
Aug 14 2015 (Red Hat Issues Fix for JBoss) Apache Tomcat Request Processing Lets Remote Users Deny Service
Red Hat has issued a fix for JBoss for Red Hat Enterprise Linux 5, 6, and 7.
Aug 30 2015 (IBM Issues Fix for IBM Cognos Metrics Manager) Apache Tomcat Request Processing Lets Remote Users Deny Service
IBM has issued a fix for IBM Cognos Metrics Manager.
Oct 16 2015 (HP Issues Fix for HP OpenVMS) Apache Tomcat Request Processing Lets Remote Users Deny Service
HP has issued a fix for HP OpenVMS.
Dec 16 2015 (Red Hat Issues Fix for JBoss Web Server) Apache Tomcat Request Processing Lets Remote Users Deny Service
Red Hat has issued a fix for JBoss Web Server for Red Hat Enterprise Linux, Solaris, and Windows.
Apr 5 2016 (HPE Issues Fix) Apache Tomcat Request Processing Lets Remote Users Deny Service
HPE has issued a fix for HP-UX 11.31.


