Uploaded image for project: 'JBoss Web Server'
  1. JBoss Web Server
  2. JWS-219

CVE-2014-0230 tomcat8: non-persistent DoS attack by feeding data by aborting an upload

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • JWS 3.0.1 CR2
    • JWS 3.0.0 GA
    • tomcat8
    • None
    • Release Notes
    • Hide
      It was found that Tomcat 8 would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections, and this would prevent any further legitimate connections to the Tomcat server.

      This issue has been fixed in this release.
      Show
      It was found that Tomcat 8 would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections, and this would prevent any further legitimate connections to the Tomcat server. This issue has been fixed in this release.

      CVE-2014-0230 already fixed in tomcat 7.0.55 public.

              dknox_jira David Knox (Inactive)
              rhn-support-twalsh Tim Walsh
              Karm Karm Karm Karm
              Lucas Costi Lucas Costi (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: