Vigil@nce - Apache Tomcat: denial of service via several parameters

February 2012 by Vigil@nce

This bulletin was written by Vigil@nce: http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can send a query containing several parameters to Apache Tomcat, in order to overload the CPU.

Severity: 2/4

Creation date: 17/01/2012

IMPACTED PRODUCTS

- Apache Tomcat

DESCRIPTION OF THE VULNERABILITY

An HTTP GET or POST query uses parameters like "para1=value&para2=value&...".

The org/apache/tomcat/util/http/Parameters.java file decodes these parameters. However, the algorithm used is not efficient. If the query contains numerous parameters, Tomcat consumes a lot of processor resources.

An attacker can therefore send a query containing several parameters to Apache Tomcat, in order to overload the CPU.
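
To spot such requests after the fact, the following added example (not part of the Vigil@nce bulletin or of Tomcat) scans access log lines and flags requests whose query string carries an unusually large number of parameters. The log format (common/combined), the threshold of 1000 and the sample lines are assumptions made for the illustration.

```python
import re
from collections import Counter

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def count_params(query: str) -> int:
    """Count '&'-separated parameters in one linear pass, without decoding them."""
    return sum(1 for part in query.split("&") if part)

def flag_requests(lines, threshold=1000):
    """Return (client, method, path, count) for requests over the threshold.

    threshold is an assumed value; tune it to what the application really sends.
    Only the query string is visible in an access log, so parameters carried in
    a POST body are not counted here.
    """
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a GET/POST request line
        client, method, target, _status = m.groups()
        path, _, query = target.partition("?")
        n = count_params(query)
        if n > threshold:
            hits.append((client, method, path, n))
    return hits

def top_sources(hits):
    """Rank client addresses by number of flagged requests."""
    return Counter(client for client, *_ in hits).most_common()

# Constructed sample log lines (documentation address ranges, not real traffic).
_many = "&".join(f"para{i}=value" for i in range(1, 1501))
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jan/2012:10:00:00 +0000] "GET /app/search?para1=value&para2=value HTTP/1.1" 200 512',
    f'198.51.100.7 - - [17/Jan/2012:10:00:01 +0000] "GET /app/search?{_many} HTTP/1.1" 200 512',
    '192.0.2.11 - - [17/Jan/2012:10:00:02 +0000] "POST /app/login HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    flagged = flag_requests(SAMPLE_LOG)
    for client, method, path, n in flagged:
        print(f"{client} {method} {path}: {n} parameters")
    print(top_sources(flagged))
```
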

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/A...

