Advertisement






Apache Tomcat 7.0.29 / 6.0.36 Denial Of Service

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2013050089

Below is a copy:

CVE-2012-3544 Chunked transfer encoding extension size is not limited

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- - Tomcat 7.0.0 to 7.0.29
- - Tomcat 6.0.0 to 6.0.36

Description:
When processing a request submitted using the chunked transfer encoding,
Tomcat ignored but did not limit any extensions that were included. This
allows a client to perform a limited DOS by streaming an unlimited
amount of data to the server.

Mitigation:
Users of affected versions should apply one of the following mitigations:
- - Tomcat 7.0.x users should upgrade to 7.0.30 or later
- - Tomcat 6.0.x users should upgrade to 6.0.37 or later

Credit:
This issue was identified by Steve Jones.

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum