Bug 237085 (CVE-2005-3510) - CVE-2005-3510 tomcat DoS
Summary: CVE-2005-3510 tomcat DoS
Alias: CVE-2005-3510
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: All
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 237090 238402 390331 390341 390351 390361 414311 430730 430731 449337 470236 470237
Blocks: 444136
TreeView+ depends on / blocked
Reported: 2007-04-19 12:16 UTC by Mark J. Cox
Modified: 2019-09-29 12:20 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2013-05-08 18:03:51 UTC

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:1069 0 normal SHIPPED_LIVE Moderate: tomcat security update for Red Hat Network Satellite Server 2007-11-26 13:56:32 UTC
Red Hat Product Errata RHSA-2010:0602 0 normal SHIPPED_LIVE Moderate: Red Hat Certificate System 7.3 security update 2010-08-05 14:04:51 UTC

Description Mark J. Cox 2007-04-19 12:16:02 UTC
According to http://tomcat.apache.org/security-5.html

Fixed in Apache Tomcat 5.5.13, 5.0.HEAD

Denial of service CVE-2005-3510

The root cause is the relatively expensive calls required to generate the
content for the directory listings. If directory listings are enabled, the
number of files in each directory should be kepp to a minimum. In response to
this issue, directory listings were changed to be disabled by default.
Additionally, a patch has been proposed that would improve performance,
particularly for large directories, by caching directory listings.

Affects: 5.0.0-5.5.30, 5.5.0-5.5.12

Comment 1 Mark J. Cox 2007-04-19 12:16:44 UTC
(actually this issue was I believe fixed in 5.5.12 not 5.5.13; clarifying with
Tomcat security team)

Comment 2 Mark J. Cox 2007-04-23 11:06:33 UTC
Advisory text: "Directory listings were enabled by default in Tomcat and it was
found that generating listings of large directories was CPU intensive.  An
attacker could make repeated requests to obtain a directory listing of any
large directory, leading to a denial of service.  (CVE-2005-3510)"

Comment 3 Mark J. Cox 2007-04-23 11:07:59 UTC
So directory listings were disabled by default in 5.5.13 which mitigates this
issue. Changes were made in 5.5.12 which reduced the effect of this issue (once
the attacker stops making the requests, tomcat will recover, so it's only a
limited DoS)

Comment 9 errata-xmlrpc 2010-08-04 21:32:33 UTC
This issue has been addressed in following products:

  Red Hat Certificate System 7.3

Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html

Comment 10 Vincent Danen 2013-05-08 18:03:51 UTC
Please see https://access.redhat.com/security/cve/CVE-2005-3510 for a list of other products that contain this fix.

Note You need to log in before you can comment on or make changes to this bug.