Bugzilla – Bug 926762
VUL-1: CVE-2014-0230: tomcat6,tomcat5: non-persistent DoS attack by feeding data by aborting an upload
Last modified: 2016-09-08 22:20:18 UTC
It is possible for a remote attacker to trigger a non-persistent DoS attack by feeding data by aborting an upload.

Upstream commit on 7.0.x branch is: http://svn.apache.org/viewvc?view=revision&revision=1603781

This was applied to tomcat 7, it was not backported to tomcat6 or 5.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1191200
http://seclists.org/oss-sec/2015/q2/93
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0230
Trunk commits are as follows:

$ svn log https://svn.apache.org/repos/asf/tomcat/ -r1603770 -v
------------------------------------------------------------------------
r1603770 | markt | 2014-06-19 11:06:39 +0200 (Thu, 19 Jun 2014) | 1 line
Changed paths:
   M /tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Processor.java
   M /tomcat/trunk/java/org/apache/coyote/http11/AbstractHttp11Protocol.java
   M /tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
   M /tomcat/trunk/java/org/apache/coyote/http11/Http11AprProtocol.java
   M /tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Processor.java
   M /tomcat/trunk/java/org/apache/coyote/http11/Http11Nio2Protocol.java
   M /tomcat/trunk/java/org/apache/coyote/http11/Http11NioProcessor.java
   M /tomcat/trunk/java/org/apache/coyote/http11/Http11NioProtocol.java
   M /tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
   M /tomcat/trunk/java/org/apache/coyote/http11/Http11Protocol.java
   M /tomcat/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java
   M /tomcat/trunk/java/org/apache/coyote/http11/filters/IdentityInputFilter.java
   M /tomcat/trunk/java/org/apache/coyote/http11/filters/LocalStrings.properties
   M /tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java
   M /tomcat/trunk/webapps/docs/changelog.xml
   M /tomcat/trunk/webapps/docs/config/http.xml

Add a new limit, defaulting to 2MB, for the amount of data Tomcat will swallow for an aborted upload.
------------------------------------------------------------------------

$ svn log https://svn.apache.org/repos/asf/tomcat/ -r1603775 -v
------------------------------------------------------------------------
r1603775 | markt | 2014-06-19 11:26:32 +0200 (Thu, 19 Jun 2014) | 1 line
Changed paths:
   M /tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java

Correct test. Exceeded the swallow limit aborts the connection.
------------------------------------------------------------------------

$ svn log https://svn.apache.org/repos/asf/tomcat/ -r1603779 -v
------------------------------------------------------------------------
r1603779 | markt | 2014-06-19 11:30:52 +0200 (Thu, 19 Jun 2014) | 1 line
Changed paths:
   M /tomcat/trunk/test/org/apache/catalina/core/TestSwallowAbortedUploads.java

Grr. Different behaviours on different OSes
------------------------------------------------------------------------
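The commit above bounds how much of an aborted upload the server will discard. The following is an added model of that behaviour, not Tomcat's code: when a handler refuses a request body, the server either swallows the rest so the keep-alive connection stays usable or closes the connection. The 2MB default is the one named in the commit; the 8192-byte read size, the FakeBody stand-in for a client socket, and max_swallow=None standing for the unbounded pre-fix behaviour are assumptions of this example.

```python
# Added example (not Tomcat's code): a model of the swallow limit from r1603770.
# Before the fix the swallow was unbounded, so a single request with a huge
# Content-Length kept a worker busy for as long as the client kept sending.
# After the fix swallowing stops at the limit and the connection is closed.

DEFAULT_MAX_SWALLOW = 2 * 1024 * 1024   # 2MB, the default named in the commit
CHUNK = 8192                            # assumed read size for this model


class FakeBody:
    """Constructed stand-in for a client socket streaming `total` bytes."""

    def __init__(self, total):
        self.total = total
        self.read_so_far = 0

    def read(self, n):
        n = min(n, self.total - self.read_so_far)
        self.read_so_far += n
        return b"A" * n


def swallow_aborted_upload(body, content_length, max_swallow=DEFAULT_MAX_SWALLOW):
    """Discard an unread request body, but only up to max_swallow bytes.

    Returns (keep_alive, swallowed). keep_alive is True only when the whole
    body was discarded, so the connection may serve another request; it is
    False when the limit was exceeded (or the client vanished), in which case
    the caller must close the connection. max_swallow=None models the
    pre-fix, unbounded behaviour.
    """
    swallowed = 0
    remaining = content_length
    while remaining > 0:
        data = body.read(min(CHUNK, remaining))
        if not data:
            return False, swallowed          # client gave up: connection is dead
        swallowed += len(data)
        remaining -= len(data)
        if max_swallow is not None and swallowed > max_swallow:
            return False, swallowed          # limit exceeded: stop and close
    return True, swallowed


if __name__ == "__main__":
    huge = 100 * 1024 * 1024
    print(swallow_aborted_upload(FakeBody(huge), huge))        # capped, closes
    print(swallow_aborted_upload(FakeBody(huge), huge, None))  # unbounded: reads it all
```

With the limit in place the server reads at most one chunk past 2MB of a declared 100MB body before dropping the connection, instead of draining the whole body.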
SLE 12 GA has 7.0.55. The /tomcat/tc7.0.x/trunk r1603781 is contained in that tag. SLE 12 not affected.

> ------------------------------------------------------------------------
> r1611608 | violetagg | 2014-07-18 14:21:11 +0200 (Fri, 18 Jul 2014) | 1 line
> Changed paths:
>    A /tomcat/tc7.0.x/tags/TOMCAT_7_0_55 (from /tomcat/tc7.0.x/trunk:1611605)
>    M /tomcat/tc7.0.x/tags/TOMCAT_7_0_55/build.properties.default
>
> Tag 7.0.55
> ------------------------------------------------------------------------
> r1611335 | violetagg | 2014-07-17 14:00:15 +0200 (Thu, 17 Jul 2014) | 1 line
> Changed paths:
>    D /tomcat/tc7.0.x/tags/TOMCAT_7_0_55
>
> Drop the tag in order to get additional fixes.
> ------------------------------------------------------------------------
> r1609528 | violetagg | 2014-07-10 19:54:52 +0200 (Thu, 10 Jul 2014) | 1 line
> Changed paths:
>    A /tomcat/tc7.0.x/tags/TOMCAT_7_0_55 (from /tomcat/tc7.0.x/trunk:1609522)
>    M /tomcat/tc7.0.x/tags/TOMCAT_7_0_55/build.properties.default
>
> Tag 7.0.55
> ------------------------------------------------------------------------
> r1595997 | violetagg | 2014-05-19 21:15:46 +0200 (Mon, 19 May 2014) | 1 line
> Changed paths:
>    A /tomcat/tc7.0.x/tags/TOMCAT_7_0_54 (from /tomcat/tc7.0.x/trunk:1595993)
>    M /tomcat/tc7.0.x/tags/TOMCAT_7_0_54/build.properties.default
>
> Tag 7.0.54
> ------------------------------------------------------------------------
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-07-02. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62034
released
SUSE-SU-2015:1337-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 906152,917127,918195,926762,931442,932698
CVE References: CVE-2014-0227,CVE-2014-0230,CVE-2014-7810
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src): tomcat6-6.0.41-0.45.1
SUSE Linux Enterprise Server 11 SP3 (src): tomcat6-6.0.41-0.45.1
SUSE-SU-2015:1565-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 906152,917127,926762,931442,932698,934219
CVE References: CVE-2014-0227,CVE-2014-0230,CVE-2014-7810
Sources used:
SUSE Linux Enterprise Server 11-SP4 (src): tomcat6-6.0.41-0.47.1