OSVDB ID: 20439

Title: Apache Tomcat Directory Listing Saturation DoS

Dates

Disclosure: Nov 03, 2005
Discovery: Unknown
Exploit: Nov 03, 2005
Solution: Unknown

Description

Apache Tomcat contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker makes multiple concurrent requests for a directory listing that contains a large number of files. With a large number of requests, an attacker can cause the server to stop processing subsequent requests.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Available
OSVDB: Web Related

Solution

Upgrade to version 5.5.12 or higher, as it has been reported to partially fix this vulnerability by allowing operations to resume after a few minutes. It is also possible to correct the flaw by implementing the following workaround: disable directory listing for web directories that have a large number of files.

Products

Apache Software Foundation

Apache Tomcat

5.5.11
5.5.12

References

Credit

  • David Maciejak


Direct URL: http://osvdb.org/36218