Affected system:
Apache Group Tomcat 8.0.0-RC1 – 8.0.8
Apache Group Tomcat 7.0.0 – 7.0.54
Apache Group Tomcat 6.0.0 – 6.0.43
Description:
CVE(CAN) ID: CVE-2014-0230
Apache Tomcat is a popular open-source servlet/JSP application server.
When a response to a request that carries a request body is returned to the user agent before the whole body has been read, Tomcat by default swallows (reads and discards) the remaining body so that the next request on the same connection can be processed. In the affected versions there was no limit on the number of request-body bytes Tomcat would swallow. Because Tomcat never closed the connection in this case, the processing thread stayed allocated for as long as the client kept sending body data, which permits a limited denial of service: a client that keeps a large, slowly delivered body flowing after the response has been sent holds a worker thread for the duration.
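The mechanism described above, modelled as an added example (this is not Tomcat's code and is not part of the original advisory): a container-side routine that discards the unread tail of a request body after the response has been sent, run once without a limit (the affected behaviour) and once with a bound after which the connection is dropped instead. `TrickleStream` is a constructed stand-in for a client that delivers one byte per read; `DEFAULT_MAX_SWALLOW` mirrors the 2 MB default of the `maxSwallowSize` Connector attribute that the fixed releases introduced, and the sizes used in the demo are assumptions.

```python
import io

# The fixed Tomcat releases bound the swallow step with the Connector
# attribute maxSwallowSize, default 2 MB. Used here as an assumed limit.
DEFAULT_MAX_SWALLOW = 2 * 1024 * 1024


class TrickleStream:
    """Constructed stand-in for a client socket that hands over a single byte
    per read call: the traffic shape that keeps a swallowing thread busiest."""

    def __init__(self, total):
        self.left = total   # bytes the client will still send
        self.reads = 0      # how many times the server thread had to read

    def read(self, n):
        self.reads += 1
        if self.left <= 0 or n <= 0:
            return b""      # client hung up / nothing requested
        self.left -= 1
        return b"x"


def swallow_remaining_body(stream, remaining, max_swallow=None, chunk_size=8192):
    """Discard up to `remaining` unread body bytes from `stream`.

    Returns (bytes_swallowed, keep_alive).
    max_swallow=None reproduces the affected behaviour: the loop keeps the
    thread reading until the whole advertised body has arrived, however large.
    With a limit, reading stops once max_swallow bytes have been discarded and
    keep_alive is False, i.e. the caller must close the connection.
    """
    swallowed = 0
    while remaining > 0:
        if max_swallow is not None and swallowed >= max_swallow:
            return swallowed, False         # limit hit: give up, drop connection
        to_read = min(chunk_size, remaining)
        if max_swallow is not None:
            to_read = min(to_read, max_swallow - swallowed)
        data = stream.read(to_read)
        if not data:
            return swallowed, False         # client went away mid-body
        swallowed += len(data)
        remaining -= len(data)
    return swallowed, True                  # body fully drained; keep-alive OK


def finish_request(stream, content_length, body_bytes_read_by_app, max_swallow=None):
    """What the container does after the application has sent its response:
    the unread tail of the body is swallowed so the connection can carry the
    next request. Returns (bytes_swallowed, keep_alive)."""
    unread = content_length - body_bytes_read_by_app
    return swallow_remaining_body(stream, unread, max_swallow)


if __name__ == "__main__":
    body_len = 100_000        # assumed Content-Length; the app reads none of it
    # Affected behaviour: every byte of the tail is consumed, one read per byte.
    s = TrickleStream(body_len)
    print("unbounded:", finish_request(s, body_len, 0), "reads:", s.reads)
    # Fixed behaviour: stop at the limit and drop the connection.
    s = TrickleStream(body_len)
    print("bounded  :", finish_request(s, body_len, 0, max_swallow=10_000), "reads:", s.reads)
    # Same with a bulk sender and the 2 MB default limit.
    s = io.BytesIO(b"\0" * (3 * 1024 * 1024))
    print("default  :", finish_request(s, 3 * 1024 * 1024, 0, max_swallow=DEFAULT_MAX_SWALLOW))
```

The point the bounded variant makes is that the cost of an unread body is capped by the server, not by the client: past the limit the worker thread is released by closing the connection, and a client that wants to tie it up again has to open a new connection and start over.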
Source: AntBean@secdig
Recommendations:
Manufacturers patch:
The vendor has released fixed versions (the first fixed releases are Tomcat 8.0.9, 7.0.55 and 6.0.44) that address this issue; download them from the vendor's site:
[1] <http://tomcat.apache.org/security-8.html>
[2] <http://tomcat.apache.org/security-7.html>
[3] <http://tomcat.apache.org/security-6.html>
[4] <http://www.openwall.com/lists/oss-security/2015/04/10/1>
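Added mitigation note (not part of the original advisory): the fixed releases introduced a Connector attribute, maxSwallowSize, that bounds how many bytes of an unread request body Tomcat will discard before closing the connection; its default is 2097152 (2 MB). Upgrading is the fix, and the attribute only matters on a fixed release, where it lets you tighten the limit for connectors that never legitimately receive large bodies. The server.xml fragment below is an illustrative example; the port and the 512 KB value are assumptions.

```xml
<!-- Example only: an HTTP connector on a fixed Tomcat release with the
     swallow limit tightened from the 2 MB default to 512 KB. Requests whose
     unread body exceeds this are dropped by closing the connection. -->
<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           maxSwallowSize="524288"
           redirectPort="8443" />
```

Pick the value from the largest upload a handler on that connector is expected to receive and then not read; setting it lower than that makes legitimate aborted uploads close the connection, which is harmless but costs the keep-alive.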