CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

EPSS percentile: 94.1%

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9
does not properly handle cases where an HTTP response occurs before
finishing the reading of an entire request body, which allows remote
attackers to cause a denial of service (thread consumption) via a series of
aborted upload attempts.

Author | Note |
---|---|
mdeslaur | ASF says this is a low severity issue that, unlike the original description, can’t cause memory consumption, only a limited denial of service. http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/<554949D1.8030904%40apache.org> |