  1. JBoss Web Server
  2. JWS-219

CVE-2014-0230 tomcat8: non-persistent DoS attack by feeding data by aborting an upload


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Done
    • Affects Version/s: JWS 3.0.0 GA
    • Fix Version/s: JWS 3.0.1 CR2
    • Component/s: tomcat8
    • Labels:
      None
    • Target Release:
    • Affects:
      Release Notes
    • Release Notes Text:
      It was found that Tomcat 8 would keep connections open after processing requests with a large enough request body. A remote attacker could potentially use this flaw to exhaust the pool of available connections, and this would prevent any further legitimate connections to the Tomcat server.

      This issue has been fixed in this release.

      Description

      CVE-2014-0230 already fixed in tomcat 7.0.55 public.


              People

              • Assignee:
                dknox David Knox
                Reporter:
                twalsh1 Tim Walsh
                Writer:
                Lucas Costi
                Tester:
                Michal Karm Babacek
              • Votes:
                0
                Watchers:
                5
