Advertisement






Apache Tomcat Connection Swallow Denial Of Service

CVE Category Price Severity
CVE-2014-0230 CWE-400 $3000 High
Author Risk Exploitation Type Date
Unknown High Remote 2015-05-06
CVSS EPSS EPSSP
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H 0.82678 0.983365

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2015050029

Below is a copy:

CVE-2014-0230 Denial of Service

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
- - Apache Tomcat 8.0.0-RC1 to 8.0.8
- - Apache Tomcat 7.0.0 to 7.0.54
- - Apache Tomcat 6.0.0 to 6.0.43

Description:
When a response for a request with a request body is returned to the
user agent before the request body is fully read, by default Tomcat
swallows the remaining request body so that the next request on the
connection may be processed. There was no limit to the size of request
body that Tomcat would swallow. This permitted a limited Denial of
Service as Tomcat would never close the connection and a processing
thread would remain allocated to the connection.

Note that this issue was accidentally disclosed by Red Hat Product Security on 9 April 2015 [4]. The Tomcat security team was made aware of this disclosure today (5 May 2015). The information released on 9 April 2015 contained a number of errors. For the sake of clarity:
- - This issue is not limited to file upload. Any request with a body may be affected.
- - This issue cannot be used to trigger excessive memory usage on the server. The additional data read from the response body is not retained - it is simply ignored.

The intention was to embargo this issue until after the 6.0.44 release. Unfortunately that is no longer possible. The Tomcat team is working on a 6.0.44 release now and we hope to have one available by early next week.

Mitigation:
Users of affected versions should apply one of the following mitigations
- - Upgrade to Apache Tomcat 8.0.9 or later
- - Upgrade to Apache Tomcat 7.0.55 or later
- - Upgrade to Apache Tomcat 6.0.44 or later once released


Credit:
This issue was discovered by AntBean@secdig from the Baidu Security Team and was reported responsibly to the Apache Tomcat security team.

References:
[1] http://tomcat.apache.org/security-8.html
[2] http://tomcat.apache.org/security-7.html
[3] http://tomcat.apache.org/security-6.html
[4] http://www.openwall.com/lists/oss-security/2015/04/10/1


Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.