Vigil@nce - Apache Tomcat: denial of service via FileUpload
August 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send files of a specially chosen size to Apache
Tomcat, in order to overload the server.
Impacted products: Tomcat, Debian, Ubuntu.
Severity: 2/4.
Creation date: 22/06/2016.
DESCRIPTION OF THE VULNERABILITY
The Apache Tomcat product uses a slightly fork of the Apache
Commons FileUpload library.
This library is used to receive files from an HTTP client to the
server. However, when the file size is such that the size of the
MIME envelope (file content + MIME headers) is equal to the size
of the file reading buffer, the transfer requires an extremely
long duration.
An attacker can therefore send files of a specially chosen size to
Apache Tomcat, in order to overload the server.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Apache-Tomcat-denial-of-service-via-FileUpload-19953