Apache Tomcat block Request Remote Denial of Service Vulnerability (CVE-2014-0075)

Release date:
Updated on:

Affected Systems:
Apache Group Tomcat 8.0.0-RC1-8.0.3
Apache Group Tomcat 7.0.0-7.0.52
Apache Group Tomcat 6.0.0-6.0.39
Description:
--------------------------------------------------------------------------------
Bugtraq id: 67671
CVE (CAN) ID: CVE-2014-0075
 
Apache Tomcat is a popular open-source JSP application server program.
 
Apache Tomcat 8.0.0-RC1-8.0.3, 7.0.0-7.0.52, 6.0.0-6.0.39 versions have security vulnerabilities on malformed block size requests, which can send a large amount of data to the server, A denial of service is caused by bypassing various size restrictions on the request.
 

<* Source: Tomcat users mailing list

Link: http://secunia.com/advisories/57879/
*>

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
 
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
 

[1] http://tomcat.apache.org/security-8.html
[2] http://tomcat.apache.org/security-7.html
[3] http://tomcat.apache.org/security-6.html

Deploy Solr 4 on Ubuntu 12.04 LTS through Tomcat

Deploy Solr (4.4) to Tomcat (7.0.53) in Ubuntu)

Load Balancing between Apache and multiple Tomcat clusters in Linux

Nginx Tomcat Cluster load balancing solution notes

Instance details Tomcat component installation + Nginx reverse proxy Tomcat + Apache use mod_jk and mod_proxy Reverse Proxy and load balancing

Build an Apache + Tomcat environment (JK deployment process)

Tomcat details: click here
Tomcat: click here

This article permanently updates the link address: