Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Apache Tomcat 7.0.x < 7.0.70 / 8.0.x < 8.0.36 / 8.5.x < 8.5.3 / 9.x < 9.0.0M8 DoS

High

Synopsis

The remote web server is missing an Apache Tomcat patch update.

Description

The version of Apache Tomcat installed on the remote host is version 7.0.x prior to 7.0.70, 8.0.x prior to 8.0.36, 8.5.x prior to 8.5.3, or 9.x prior to 9.0.0M8, and is therefore affected by a flaw in 'boundaries' within content-type headers when handling file upload requests. This may allow a remote attacker to cause a process linked against the library to become unresponsive.

Solution

Update to Apache Tomcat version 9.0.0M8 or later. If version 9.x cannot be obtained, versions 8.5.3, 8.0.36, and 7.0.70 have also been patched for these vulnerabilities.