Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- - Apache Tomcat 8.0.0-RC1 to 8.0.8
- - Apache Tomcat 7.0.0 to 7.0.54
- - Apache Tomcat 6.0.0 to 6.0.41
Description:
It was possible to craft a malformed chunk as part of a chucked request
that caused Tomcat to read part of the request body as a new request.
Mitigation:
Users of affected versions should apply one of the following mitigations
- - Upgrade to Apache Tomcat 8.0.9 or later
- - Upgrade to Apache Tomcat 7.0.55 or later
- - Upgrade to Apache Tomcat 6.0.43 or later
(6.0.42 contains the fix but was not released)
Credit:
This issue was identified by the Tomcat security team.
References:
[1] http://tomcat.apache.org/
[2] http://tomcat.apache.org/
[3] http://tomcat.apache.org/
Komentarų nėra:
Rašyti komentarą