Description

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Remediation

References

http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E

http://marc.info/?l=bugtraq&m=144498216801440&w=2

http://marc.info/?l=bugtraq&m=145974991225029&w=2

http://openwall.com/lists/oss-security/2015/04/10/1

http://rhn.redhat.com/errata/RHSA-2015-1621.html

http://rhn.redhat.com/errata/RHSA-2015-1622.html

http://rhn.redhat.com/errata/RHSA-2015-2661.html

http://rhn.redhat.com/errata/RHSA-2016-0595.html

http://rhn.redhat.com/errata/RHSA-2016-0596.html

http://rhn.redhat.com/errata/RHSA-2016-0597.html

http://rhn.redhat.com/errata/RHSA-2016-0598.html

http://rhn.redhat.com/errata/RHSA-2016-0599.html

http://svn.apache.org/viewvc?view=revision&revision=1603770

http://svn.apache.org/viewvc?view=revision&revision=1603775

http://svn.apache.org/viewvc?view=revision&revision=1603779

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-7.html

http://tomcat.apache.org/security-8.html

http://www.debian.org/security/2016/dsa-3447

http://www.debian.org/security/2016/dsa-3530

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/74475

http://www.ubuntu.com/usn/USN-2654-1

http://www.ubuntu.com/usn/USN-2655-1

https://access.redhat.com/errata/RHSA-2015:2659

https://access.redhat.com/errata/RHSA-2015:2660

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

https://issues.jboss.org/browse/JWS-219

https://issues.jboss.org/browse/JWS-220

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2014-1403 Vulnerability in npm package easyxdm

CVE-2023-50721 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-ui

CVE-2019-10449 Vulnerability in maven package org.jenkins-ci.plugins:fortify-on-demand-uploader

CVE-2012-0818 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxb-provider

CVE-2021-40146 Vulnerability in maven package org.apache.any23:apache-any23-core

Severity

Critical

Classification

CWE-399

Tags

Vendor Advisory Patch