ID de Prueba:	1.3.6.1.4.1.25623.1.0.810766
Categoría:	Web Servers
Título:	Apache Tomcat DoS and Information Disclosure Vulnerabilities (Windows)
Resumen:	Apache Tomcat is prone to denial of service and information disclosure vulnerabilities.
Descripción:	Summary: Apache Tomcat is prone to denial of service and information disclosure vulnerabilities. Vulnerability Insight: - The handling of an HTTP/2 GOAWAY frame for a connection did not close streams associated with that connection that were currently waiting for a WINDOW_UPDATE before allowing the application to write more data - The refactoring of the HTTP connectors for 8.5.x onwards, introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. Vulnerability Impact: Successful exploitation will allow remote attackers to consume all available processing threads and obtain sensitive information from requests other then their own. Affected Software/OS: Apache Tomcat versions 9.0.0.M1 to 9.0.0.M18 and Apache Tomcat versions 8.5.0 to 8.5.12 on Windows Solution: Upgrade to version 9.0.0.M19, 8.5.13 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5650 BugTraq ID: 97531 http://www.securityfocus.com/bid/97531 https://security.gentoo.org/glsa/201705-09 https://lists.apache.org/thread.html/eb6efa8d59c45a7a9eff94c4b925467d3b3fec8ba7697f3daa314b04@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/88855876c33f2f9c532ffb75bfee570ccf0b17ffa77493745af9a17a@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/6af47120905aa7d8fe12f42e8ff2284fb338ba141d3b77b8c7cb61b3@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r3bbb800a816d0a51eccc5a228c58736960a9fffafa581a225834d97d@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/r48c1444845fe15a823e1374674bfc297d5008a5453788099ea14caf0@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/d24303fb095db072740d8154b0f0db3f2b8f67bc91a0562dbe89c738@%3Cannounce.tomcat.apache.org%3E http://www.securitytracker.com/id/1038217 Common Vulnerability Exposure (CVE) ID: CVE-2017-5651 BugTraq ID: 97544 http://www.securityfocus.com/bid/97544 https://lists.apache.org/thread.html/5c0e00fd31efc11e147bf99d0f03c00a734447d3b131ab0818644cdb@%3Cdev.tomcat.apache.org%3E https://lists.apache.org/thread.html/6694538826b87522fb723d2dcedd537e14ebe0a381d92e5525a531d8@%3Cannounce.tomcat.apache.org%3E http://www.securitytracker.com/id/1038219
Copyright	Copyright (C) 2017 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.