Apache Tomcat developers advise updates to avoid DoS

by Radu on 18/01/2012 · No Comments

The Apache Tomcat developers are advising users of the 7.0.x, 6.0.x and 5.5.x branches of the Java servlet and JSP container to update to the latest released versions 7.0.23, 6.0.35 and 5.5.35. Recent investigations revealed inefficiencies in how large numbers of parameters and parameter values were handled by Tomcat.

Analysis of the recent hash collision denial-of-service (DoS) vulnerability had allowed the developers to identify “unrelated inefficiencies” which could be exploited by a specially crafted request, causing large amounts of CPU to be consumed. To address the issue, the developers modified the code to efficiently process large numbers of parameters and values.


Read this full article at H Security

Only registered users can write comments.
Please login or register.

Powered by AkoComment!

Article source: http://www.linuxsecurity.com/content/view/156591?rdf

Tagged with:
 
If you enjoyed this article, please consider sharing it!
Facebook Twitter

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>