  1. JBoss Web Server
  2. JWS-219

CVE-2014-0230 tomcat8: non-persistent DoS attack by feeding data by aborting an upload


Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Done
    • JWS 3.0.0 GA
    • JWS 3.0.1 CR2
    • tomcat8
    • None
    • Release Notes
      It was found that Tomcat 8 would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections, and this would prevent any further legitimate connections to the Tomcat server.

      This issue has been fixed in this release.

    Description

      CVE-2014-0230 is already fixed in public Tomcat 7.0.55.

          People

            dknox_jira David Knox (Inactive)
            rhn-support-twalsh Tim Walsh
            Lucas Costi Lucas Costi (Inactive)
            Michal Karm Michal Karm