Summary
The host is running Apache Tomcat Server and is prone to a denial of service vulnerability.
Impact
Successful exploitation could allow remote attackers to cause a denial of service via a specially crafted request.
Impact Level: Application
Solution
Apply the patch or upgrade Apache Tomcat to 7.0.30 or 6.0.37 or later. For updates, refer to http://tomcat.apache.org
*****
NOTE: Ignore this warning if the above-mentioned patch has been applied manually.
*****
Insight
The flaw is due to improper validation in the way CRLF sequences at the end of data chunks are processed in chunked transfer encoding.
Affected
Apache Tomcat versions 6.x before 6.0.37 and 7.x before 7.0.30
References
- http://svn.apache.org/viewvc?view=revision&revision=1378702
- http://svn.apache.org/viewvc?view=revision&revision=1378921
- http://svn.apache.org/viewvc?view=revision&revision=1476592
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://xforce.iss.net/xforce/xfdb/84144
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2012-3544
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P