Release date:
Updated on:
Affected Systems:
Apache Group Tomcat 8.0.0-RC1-8.0.3
Apache Group Tomcat 7.0.0-7.0.52
Apache Group Tomcat 6.0.0-6.0.39
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67671
CVE (CAN) ID: CVE-2014-0075
Apache Tomcat is a popular open-source JSP application server program.
Apache Tomcat 8.0.0-RC1-8.0.3, 7.0.0-7.0.52, 6.0.0-6.0.39 versions have security vulnerabilities on malformed block size requests, which can send a large amount of data to the server, A denial of service is caused by bypassing various size restrictions on the request.
<* Source: Tomcat users mailing list
Link: http://secunia.com/advisories/57879/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
[1] http://tomcat.apache.org/security-8.html
[2] http://tomcat.apache.org/security-7.html
[3] http://tomcat.apache.org/security-6.html
Deploy Solr 4 on Ubuntu 12.04 LTS through Tomcat
Deploy Solr (4.4) to Tomcat (7.0.53) in Ubuntu)
Load Balancing between Apache and multiple Tomcat clusters in Linux
Nginx Tomcat Cluster load balancing solution notes
Instance details Tomcat component installation + Nginx reverse proxy Tomcat + Apache use mod_jk and mod_proxy Reverse Proxy and load balancing
Build an Apache + Tomcat environment (JK deployment process)
Tomcat details: click here
Tomcat: click here
This article permanently updates the link address: