  1. JBoss Web Server
  2. JWS-220

CVE-2014-0230 tomcat7: non-persistent DoS attack by feeding data by aborting an upload

Details

    • Bug
    • Resolution: Done
    • Minor
    • JWS 3.0.1 CR2
    • JWS 3.0.0 GA
    • tomcat7
    • None
    • Release Notes
      It was found that Tomcat 7 would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections, and this would prevent any further legitimate connections to the Tomcat server.

      This issue has been fixed in this release.

    Description

      CVE-2014-0230 already fixed in 8.0.9 public.

          People

            dknox_jira David Knox (Inactive)
            rhn-support-twalsh Tim Walsh
            Michal Karm Michal Karm
            Lucas Costi Lucas Costi (Inactive)