F5 Networks BIG-IP : Apache Tomcat vulnerability (SOL17123)
High Nessus Plugin ID 91301
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionApache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
SolutionUpgrade to one of the non-vulnerable versions listed in the F5 Solution SOL17123.