Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 9 | all | tomcat7 | <ย 7.0.75-1 | tomcat7_7.0.75-1_all.deb |
Debian | 9 | all | tomcat8 | <ย 8.5.54-0+deb9u1 | tomcat8_8.5.54-0+deb9u1_all.deb |