This Metasploit module uses a denial-of-service (DoS) condition appearing in a variety of programming languages. This vulnerability occurs when storing multiple values in a hash table and all values have the same hash value. This can cause a web server parsing the POST parameters issued with a request into a hash table to consume hours of CPU with a single HTTP request. Currently, only the hash functions for PHP and Java are implemented. This Metasploit module was tested with PHP + httpd, Tomcat, Glassfish and Geronimo. It also generates a random payload to bypass some IDS signatures.
b029e67e4fc45769ef0806adf780beee36692122a886f5bb14135c025f43efbcHP Security Bulletin HPSBMU02894 - Potential security vulnerabilities have been identified with HP Network Node Manager I (NNMi) on HP-UX, Linux, Solaris, and Windows. These vulnerabilities could be remotely exploited resulting in a Denial of Service (DoS) or unauthorized access or execution of arbitrary code. Revision 1 of this advisory.
eacd5c85848fe70e3b06674a93d19b20ce220a3b1047e565ac14544a22f6e877HP Security Bulletin HPSBUX02860 SSRT101146 - Potential security vulnerabilities have been identified with HP-UX Apache running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass, unauthorized modification, and other vulnerabilities. Revision 1 of this advisory.
3a2ec4c66b8a63342dc058e636fe5628f6ab4c3fd27f829156c41caf8a44c2d1Gentoo Linux Security Advisory 201206-24 - Multiple vulnerabilities were found in Apache Tomcat, the worst of which allowing to read, modify and overwrite arbitrary files. Versions 5.5.34 are affected.
2554deef0443d375e952662e346879fa72a6339fcb77237d7e198b3b4d27ff87Red Hat Security Advisory 2012-0681-01 - Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also resolves multiple flaws that weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks.
476d8682a9dc81de542af39a135df9462d83db56715407ea95d50226c75892c0Red Hat Security Advisory 2012-0679-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133.
69361321d1bf1682c0efc1e8e0c3abaf9cf424352789563207afb0732798160fRed Hat Security Advisory 2012-0682-01 - Apache Tomcat is a servlet container. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update fixes the JBPAPP-4873, JBPAPP-6133, and JBPAPP-6852 bugs. It also addresses multiple flaws that weakened the Tomcat HTTP DIGEST authentication implementation, subjecting it to some of the weaknesses of HTTP BASIC authentication, for example, allowing remote attackers to perform session replay attacks.
a7981af462ded26dc5b525b00d9463603ff70a82bbc57c62341f258e1aba5de8Red Hat Security Advisory 2012-0680-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. JBoss Enterprise Web Server includes the Tomcat Native library, providing Apache Portable Runtime support for Tomcat. This update includes bug fixes as documented in JBPAPP-4873 and JBPAPP-6133.
db2cede27257c0c7eb5afeeba0d2abaa2a7c74f2786187c29b2569f1202cc6a1Red Hat Security Advisory 2012-0475-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
c5af0b87c0d07cfe6780ed6a76d4bce133b1d1406b01562b9076a80e82021b72Red Hat Security Advisory 2012-0474-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause Tomcat to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties.
dbddb067eea6285ae03840af13f5b96e3c76ac98669cc499d09536c755bea07dHP Security Bulletin HPSBMU02747 SSRT100771 - Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM) running Apache Tomcat. The vulnerabilities could be exploited remotely to create a Denial of Service (DoS). Revision 1 of this advisory.
c9b0b0e660e5ff3746af0070f2ac163f913dacda8b2dfada5c74105a85308a96Red Hat Security Advisory 2012-0406-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss ON 3.0.1 release serves as a replacement for JBoss ON 3.0.0, and includes several bug fixes.
360d101810e6235cc19b655e12a4aa1d69327636cb618300fd94bdd33f5fd22eHP Security Bulletin HPSBUX02741 SSRT100728 2 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass. The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 2 of this advisory.
55cdfcc13a7fe14d92fa9c28027368bdaa391209c80e57fec15c56acf2bdeff9Red Hat Security Advisory 2012-0325-01 - JBoss Web is a web container based on Apache Tomcat. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. Various other issues were addressed.
d22d787c4112a659c3c9e4f42170042f88ea6052206c4cfb93c8a3c97eae2892Ubuntu Security Notice 1359-1 - It was discovered that Tomcat incorrectly performed certain caching and recycling operations. A remote attacker could use this flaw to obtain read access to IP address and HTTP header information in certain cases. This issue only applied to Ubuntu 11.10. It was discovered that Tomcat computed hash values for form parameters without restricting the ability to trigger hash collisions predictably. A remote attacker could cause a denial of service by sending many crafted parameters. Various other issues were also addressed.
495d0e97ad605d33e3ed8ebbdffa82eb097bdbd6c031ae53360b075401528d81HP Security Bulletin HPSBUX02741 SSRT100728 - Potential security vulnerabilities have been identified with HP-UX Apache Running Tomcat Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to perform an access restriction bypass. The Tomcat-based Servlet Engine is contained in the HP-UX Apache Web Server Suite. Revision 1 of this advisory.
4a4c267d9d541a369ea92c687c9df43f531dfb40dcc39d4aae8a349d0e276192Red Hat Security Advisory 2012-0091-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This JBoss Enterprise Portal Platform 4.3 CP07 release serves as a replacement for JBoss Enterprise Portal Platform 4.3 CP06.
8d477b129cade9168945756f320e10f89d8e0cf7bba8bf7336e147cc0e23f36aDebian Linux Security Advisory 2401-1 - Several vulnerabilities have been found in Tomcat, a servlet and JSP engine.
fd0c86bea564b0c59c9ad7ec2cb55320fe1b0189ef7552749d858a50adad96a8Red Hat Security Advisory 2012-0089-01 - JBoss Operations Network is a middleware management solution that provides a single point of control to deploy, manage, and monitor JBoss Enterprise Middleware, applications, and services. This JBoss ON 2.4.2 release serves as a replacement for JBoss ON 2.4.1, and includes several bug fixes.
7178588f30ba4bd4d6f52da97027502090e75fdc4cc09fcce68a551d4ef378f1Red Hat Security Advisory 2012-0078-01 - The JBoss Communications Platform is an open source VoIP platform certified for JAIN SLEE 1.1 and SIP Servlets 1.1 compliance. JBCP serves as a high performance core for Service Delivery Platforms and IP Multimedia Subsystems by leveraging J2EE to enable the convergence of data and video in Next-Generation Intelligent Network applications. This JBoss Communications Platform 5.1.3 release serves as a replacement for JBoss Communications Platform 5.1.2, and includes various bug fixes.
1b76efafa7c43f4568ee8540f9a99ef162667ab5441d65314304195616d9d9b0Red Hat Security Advisory 2012-0074-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".
695e031cafab885e3b33ac9cfc4d29d7d6668de2559566e57b6c6021f0e19b4eRed Hat Security Advisory 2012-0075-01 - JBoss Web is the web container, based on Apache Tomcat, in JBoss Enterprise Application Platform. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".
3967876ba80d348d6a7fa18fec993a5850529c859a7070df5abbd60a9a1cc5c2Red Hat Security Advisory 2012-0077-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the "-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x" and "-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x" system properties as JAVA_OPTS entries in "jboss-as-web/bin/run.conf".
62189c2efd836c99ad687dbdd17abd498e1f9ee30e32a8d54d4d85ae4f68bce5Red Hat Security Advisory 2012-0076-01 - JBoss Web is a web container based on Apache Tomcat. It provides a single deployment platform for the JavaServer Pages and Java Servlet technologies. A flaw was found in the way JBoss Web handled UTF-8 surrogate pair characters. If JBoss Web was hosting an application with UTF-8 character encoding enabled, or that included user-supplied UTF-8 strings in a response, a remote attacker could use this flaw to cause a denial of service on the JBoss Web server. It was found that the Java hashCode() method implementation was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause JBoss Web to use an excessive amount of CPU time by sending an HTTP request with a large number of parameters whose names map to the same hash value. This update introduces a limit on the number of parameters and headers processed per request to mitigate this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the "-Dorg.apache.tomcat.util.http.Parameters.MAX_COUNT=x" and "-Dorg.apache.tomcat.util.http.MimeHeaders.MAX_COUNT=x" system properties as JAVA_OPTS entries in "jboss-as-web/bin/run.conf".
c37cdb370faed7aec780b9b7f3059e2ba1f342262670c61553cb34a4e6c9b355
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed