Apache Tomcat Multiple Vulnerabilities

Last Update Date: 7 Dec 2012 Release Date: 6 Dec 2012 5557 Views

RISK: Medium Risk

Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Some vulnerabilities have been identified in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

  1. An error within the NIO connector when transferring files using sendfile over HTTPS can be exploited to trigger an infinite loop and cause excessive consumption of CPU resources.
  2. An error within the FormAuthenticator component when handling authentication requests can be exploited to bypass the authentication mechanism via a specially crafted request.
  3. An error within the "doFilter()" method when accessing protected resources can be exploited to bypass the CSRF prevention filter and access the resource without a session identifier.

Impact

  • Denial of Service
  • Security Restriction Bypass

System / Technologies affected

  • Apache Tomcat 6.x
  • Apache Tomcat 7.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to a fixed version.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Opera GIF Image Handling Buffer Underflow Vulnerability

6 Dec 2012 5566 Views

Next

ISC BIND DNS64 REQUIRE Assertion Failure Denial of Service Vulnerability

6 Dec 2012 5391 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY