Bug 237085 - (CVE-2005-3510) CVE-2005-3510 tomcat DoS
CVE-2005-3510 tomcat DoS
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All All
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 237090 238402 390331 390341 390351 390361 414311 430730 430731 449337 470236 470237
Blocks: 444136
  Show dependency treegraph
Reported: 2007-04-19 08:16 EDT by Mark J. Cox (Product Security)
Modified: 2013-05-08 14:03 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-05-08 14:03:51 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Mark J. Cox (Product Security) 2007-04-19 08:16:02 EDT
According to http://tomcat.apache.org/security-5.html

Fixed in Apache Tomcat 5.5.13, 5.0.HEAD

Denial of service CVE-2005-3510

The root cause is the relatively expensive calls required to generate the
content for the directory listings. If directory listings are enabled, the
number of files in each directory should be kepp to a minimum. In response to
this issue, directory listings were changed to be disabled by default.
Additionally, a patch has been proposed that would improve performance,
particularly for large directories, by caching directory listings.

Affects: 5.0.0-5.5.30, 5.5.0-5.5.12
Comment 1 Mark J. Cox (Product Security) 2007-04-19 08:16:44 EDT
(actually this issue was I believe fixed in 5.5.12 not 5.5.13; clarifying with
Tomcat security team)
Comment 2 Mark J. Cox (Product Security) 2007-04-23 07:06:33 EDT
Advisory text: "Directory listings were enabled by default in Tomcat and it was
found that generating listings of large directories was CPU intensive.  An
attacker could make repeated requests to obtain a directory listing of any
large directory, leading to a denial of service.  (CVE-2005-3510)"
Comment 3 Mark J. Cox (Product Security) 2007-04-23 07:07:59 EDT
So directory listings were disabled by default in 5.5.13 which mitigates this
issue. Changes were made in 5.5.12 which reduced the effect of this issue (once
the attacker stops making the requests, tomcat will recover, so it's only a
limited DoS)
Comment 9 errata-xmlrpc 2010-08-04 17:32:33 EDT
This issue has been addressed in following products:

  Red Hat Certificate System 7.3

Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html
Comment 10 Vincent Danen 2013-05-08 14:03:51 EDT
Please see https://access.redhat.com/security/cve/CVE-2005-3510 for a list of other products that contain this fix.

Note You need to log in before you can comment on or make changes to this bug.