Apache Tomcat DoS Vulnerability (CVE-2016-3092)

Apache Tomcat DoS Vulnerability (CVE-2016-3092)
Apache Tomcat DoS Vulnerability (CVE-2016-3092)

Release date:
Updated on:

Affected Systems:

Apache Group Tomcat 9.0.0.M1 － 9.0.0M6
Apache Group Tomcat 8.5.0 － 8.5.2
Apache Group Tomcat 8.0.0.RC1 － 8.0.35
Apache Group Tomcat 7.0.0 － 7.0.69

Description:

CVE (CAN) ID: CVE-2016-3092

Apache Tomcat is a popular open-source JSP application server program.

Apache Tomcat's Apache Commons FileUpload component for file upload has a denial of service vulnerability. Remote attackers can exploit this vulnerability to cause the affected application to crash and cause a denial of service.

<* Source: TERASOLUNA Framework Development Team
*>

Suggestion:

Vendor patch:

Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:


Http://tomcat.apache.org/security-9.html
Http://tomcat.apache.org/security-8.html
Http://tomcat.apache.org/security-7.html

For more Tomcat tutorials, see the following:

Install and configure the Tomcat environment in CentOS 6.6

Install JDK + Tomcat in RedHat Linux 5.5 and deploy Java Projects

Tomcat authoritative guide (second edition) (Chinese/English hd pdf + bookmarks)

Tomcat Security Configuration and Performance Optimization

How to Use Xshell to view Tomcat real-time logs with Chinese garbled characters in Linux

Install JDK and Tomcat in CentOS 64-bit and set the Tomcat Startup Procedure

Install Tomcat in CentOS 6.5

Tomcat details: click here
Tomcat: click here

This article permanently updates the link address: