Summary
The host is running Apache Tomcat Server and is prone to a denial of service vulnerability.
Impact
Successful exploitation allows a remote, unauthenticated attacker to cause a denial of service by sending a specially crafted request.
Impact Level: Application
Solution
Apply the patch or upgrade Apache Tomcat to version 6.0.37, 7.0.30 or later. For updates refer to http://tomcat.apache.org
*****
NOTE: Ignore this warning if the above-mentioned patch has been applied manually.
*****
Insight
The flaw exists because the chunked input filter does not limit how much data it reads while processing chunk extensions and the CRLF sequences that terminate each data chunk of a request sent with chunked transfer encoding. A client that keeps streaming such bytes without ever supplying the expected CRLF can keep a request-processing thread busy for as long as it wishes, exhausting the server's capacity to serve other clients.
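The following is an added illustration of the class of bug described above; it is not code from the advisory or from the Tomcat project. It is a toy HTTP/1.1 chunked-body decoder in which the same reader can be run either without a bound on the length of the chunk-size line and the chunk terminator (the vulnerable behaviour) or with a bound (the corrected behaviour). The request bodies it parses are constructed inline, the limit of 4096 bytes is an arbitrary assumption chosen for the example, and the CountingReader stands in for the socket so that the work an attacker can force per request is measurable.

```python
"""Toy chunked-transfer-coding decoder (added example, not Tomcat code).

Shows why the amount read while waiting for a CRLF must be bounded:
an attacker who never sends the CRLF otherwise keeps the thread reading.
"""
import io

CRLF = b"\r\n"


class ChunkedError(ValueError):
    """Raised when the chunked body is malformed or exceeds a limit."""


class CountingReader:
    """Wraps a byte stream and counts how many bytes the decoder pulled.
    Stands in for the socket a real server reads the request from."""

    def __init__(self, stream):
        self._stream = stream
        self.consumed = 0

    def read(self, n):
        data = self._stream.read(n)
        self.consumed += len(data)
        return data


def _read_until_crlf(reader, limit):
    """Read a line terminated by CRLF and return it without the CRLF.

    limit=None reproduces the unbounded, vulnerable behaviour: the loop
    only stops when CRLF arrives or the stream ends.  With a limit, a line
    longer than `limit` bytes is rejected and the connection can be dropped.
    """
    line = bytearray()
    while True:
        byte = reader.read(1)
        if not byte:
            raise ChunkedError("unexpected end of stream")
        line += byte
        if line.endswith(CRLF):
            return bytes(line[:-2])
        if limit is not None and len(line) > limit:
            raise ChunkedError("line exceeds %d bytes" % limit)


def decode_chunked(reader, line_limit=None):
    """Decode a chunked body from `reader` and return the payload bytes.

    `line_limit` bounds the chunk-size line (hex size plus any ';ext=val'
    chunk extensions), the terminator after each data chunk, and trailer
    lines.  None disables the bound (the flaw the advisory describes).
    """
    out = bytearray()
    while True:
        size_line = _read_until_crlf(reader, line_limit)
        size_hex = size_line.split(b";", 1)[0].strip()  # drop chunk extensions
        try:
            size = int(size_hex, 16)
        except ValueError:
            raise ChunkedError("bad chunk size: %r" % size_hex) from None
        if size == 0:
            # Last chunk: consume trailer lines up to the empty line.
            while _read_until_crlf(reader, line_limit):
                pass
            return bytes(out)
        data = bytearray()
        while len(data) < size:
            piece = reader.read(size - len(data))
            if not piece:
                raise ChunkedError("truncated chunk data")
            data += piece
        out += data
        # The data chunk must be followed immediately by CRLF; reading it
        # through the same bounded routine is what stops the endless-read.
        if _read_until_crlf(reader, line_limit) != b"":
            raise ChunkedError("chunk data not terminated by CRLF")


def decode_bytes(body, line_limit=None):
    """Convenience wrapper: decode an in-memory body."""
    return decode_chunked(CountingReader(io.BytesIO(body)), line_limit)


def bytes_consumed(ext_bytes, line_limit):
    """Feed a constructed hostile body (one chunk whose extension is
    `ext_bytes` long and never terminated by CRLF) and report how many
    bytes the decoder read before giving up."""
    hostile = io.BytesIO(b"5;" + b"a" * ext_bytes)  # CRLF never arrives
    reader = CountingReader(hostile)
    try:
        decode_chunked(reader, line_limit)
    except ChunkedError:
        pass
    return reader.consumed


if __name__ == "__main__":
    print(decode_bytes(b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"))
    print("unbounded:", bytes_consumed(200_000, None))  # reads everything sent
    print("bounded:  ", bytes_consumed(200_000, 4096))  # stops at the limit
```

With no limit the decoder reads every byte the attacker cares to send (200,002 here, and on a real socket the attacker need never stop), while with the 4096-byte bound it aborts after 4097 bytes. The fix in Tomcat follows the same principle: cap the bytes read while parsing a chunk extension or waiting for the terminating CRLF, and fail the request when the cap is exceeded.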
Affected
Apache Tomcat versions 6.x before 6.0.37 and 7.x before 7.0.30
References
- http://svn.apache.org/viewvc?view=revision&revision=1378702
- http://svn.apache.org/viewvc?view=revision&revision=1378921
- http://svn.apache.org/viewvc?view=revision&revision=1476592
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://xforce.iss.net/xforce/xfdb/84144
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2012-3544
CVSS Base Score: 5.0
CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P