Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
Author | Risk | Exploitation Type | Date |
---|---|---|---|
CVE-2012-3544 Chunked transfer encoding extension size is not limited Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Tomcat 7.0.0 to 7.0.29 - - Tomcat 6.0.0 to 6.0.36 Description: When processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited DOS by streaming an unlimited amount of data to the server. Mitigation: Users of affected versions should apply one of the following mitigations: - - Tomcat 7.0.x users should upgrade to 7.0.30 or later - - Tomcat 6.0.x users should upgrade to 6.0.37 or later Credit: This issue was identified by Steve Jones. References: http://tomcat.apache.org/security.html http://tomcat.apache.org/security-7.html http://tomcat.apache.org/security-6.html
Copyright ©2024 Exploitalert.