Tomcat burst number for the CVE-2 0 1 4-0 2 3 0 DoS denial of service vulnerability. The vulnerability risk level is LOW, the impact of the version include:
- - Apache Tomcat 8.0.0-RC1 to 8.0.8
- - Apache Tomcat 7.0.0 to 7.0.54
- - Apache Tomcat 6.0.0 to 6.0.43
The problem occurs in with the request body of the request get a response before the request body has not been read is completed, this time Tomcat will default to the reservation request, and the request size limit. This will lead to a potential DoS risk, as Tomcat will never close this connection. This issue is a red cap in 4 month 9 days the product security released. The issue does not affect file upload.
- - Upgrade to Apache Tomcat 8.0.9 or later
- - Upgrade to Apache Tomcat 7.0.55 or later
- - Upgrade to Apache Tomcat 6.0.44 or later once released