Friday, February 14, 2014

DoS issue puts Apache Tomcat servers at risk

Servers running Apache Tomcat, a widely used Web server for hosting applications developed with the Java Servlet and JavaServer Pages (JSP) technologies, are at risk due to a denial-of-service issue. Security researchers recently published a proof-of-concept exploit for a vulnerability that allows attackers to launch denial-of-service attacks against websites hosted on Apache Tomcat servers. The new denial-of-service vulnerability is located in Apache Commons FileUpload, a stand-alone library that developers can use to add file upload capability to their Java Web-based applications. This library is also included by default in Apache Tomcat versions 7 and 8 to support the processing of MIME multipart requests. The multipart content type is used when an HTTP request needs to include different sets of data in its body.

1 comment:

Mark Thomas said...

Just an update that the fix for CVE-2014-0050 is included in Apache Tomcat 8.0.3 released 11 Feb 2014 and in Apache Tomcat 7.0.52 released 14 Feb 2014. Apache Tomcat 6 was not affected.