237085 – (CVE-2005-3510) CVE-2005-3510 tomcat DoS

Bug 237085 (CVE-2005-3510) - CVE-2005-3510 tomcat DoS

Summary: CVE-2005-3510 tomcat DoS

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2005-3510
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	All
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	237090 238402 390331 390341 390351 390361 414311 430730 430731 449337 470236 470237
Blocks:	444136
TreeView+	depends on / blocked

Reported:	2007-04-19 12:16 UTC by Mark J. Cox
Modified:	2019-09-29 12:20 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-05-08 18:03:51 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2007:1069	0	normal	SHIPPED_LIVE	Moderate: tomcat security update for Red Hat Network Satellite Server	2007-11-26 13:56:32 UTC
Red Hat Product Errata	RHSA-2010:0602	0	normal	SHIPPED_LIVE	Moderate: Red Hat Certificate System 7.3 security update	2010-08-05 14:04:51 UTC

Description Mark J. Cox 2007-04-19 12:16:02 UTC

According to http://tomcat.apache.org/security-5.html

Fixed in Apache Tomcat 5.5.13, 5.0.HEAD

Denial of service CVE-2005-3510

The root cause is the relatively expensive calls required to generate the
content for the directory listings. If directory listings are enabled, the
number of files in each directory should be kepp to a minimum. In response to
this issue, directory listings were changed to be disabled by default.
Additionally, a patch has been proposed that would improve performance,
particularly for large directories, by caching directory listings.

Affects: 5.0.0-5.5.30, 5.5.0-5.5.12

Comment 1 Mark J. Cox 2007-04-19 12:16:44 UTC

(actually this issue was I believe fixed in 5.5.12 not 5.5.13; clarifying with
Tomcat security team)

Comment 2 Mark J. Cox 2007-04-23 11:06:33 UTC

Advisory text: "Directory listings were enabled by default in Tomcat and it was
found that generating listings of large directories was CPU intensive.  An
attacker could make repeated requests to obtain a directory listing of any
large directory, leading to a denial of service.  (CVE-2005-3510)"

Comment 3 Mark J. Cox 2007-04-23 11:07:59 UTC

So directory listings were disabled by default in 5.5.13 which mitigates this
issue. Changes were made in 5.5.12 which reduced the effect of this issue (once
the attacker stops making the requests, tomcat will recover, so it's only a
limited DoS)

Comment 9 errata-xmlrpc 2010-08-04 21:32:33 UTC

This issue has been addressed in following products:

  Red Hat Certificate System 7.3

Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html

Comment 10 Vincent Danen 2013-05-08 18:03:51 UTC

Please see https://access.redhat.com/security/cve/CVE-2005-3510 for a list of other products that contain this fix.

Note You need to log in before you can comment on or make changes to this bug.