Summary
The host is running Apache Tomcat Server and is prone to a denial of service vulnerability.
Impact
Successful exploitation could allow remote attackers to cause a denial of service via a specially crafted request.
Impact Level: Application
Solution
Apply the patch or upgrade Apache Tomcat to 7.0.30 or 6.0.37 or later. For updates, refer to http://tomcat.apache.org
*****
NOTE: Ignore this warning if the above-mentioned patch has been applied manually.
*****
Insight
The flaw is due to an error in the way CRLF sequences at the end of data chunks are validated when chunked transfer encoding is processed.
Affected
Apache Tomcat version 6.x before 6.0.37 and 7.x before 7.0.30
References
- http://svn.apache.org/viewvc?view=revision&revision=1378702
- http://svn.apache.org/viewvc?view=revision&revision=1378921
- http://svn.apache.org/viewvc?view=revision&revision=1476592
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://xforce.iss.net/xforce/xfdb/84144
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2012-3544
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
- IBM WebSphere Application Server 'plugin-key.kdb' Information Disclosure Vulnerability
- jHTTPd Directory Traversal Vulnerability
- IBM WebSphere Application Server Administration Directory Traversal Vulnerability
- IBM WebSphere Application Server (WAS) Security Bypass Vulnerability