The fix for CVE-2012-3544 was not complete. It did not cover the following cases:
a) Chunk extensions were not limited
b) Whitespace after the : in a trailing header was not limited
This has been corrected in upstream versions 8.0.0-rc10 [1],[2], 7.0.50 [3],[4], and 6.0.39 [5]
[1] http://svn.apache.org/viewvc?view=revision&revision=1521834
[2] http://svn.apache.org/viewvc?view=revision&revision=1549522
[3] http://svn.apache.org/viewvc?view=revision&revision=1521864
[4] http://svn.apache.org/viewvc?view=revision&revision=1549523
[5] http://svn.apache.org/viewvc?view=revision&revision=1556540
This could lead to a remote attacker causing a denial of service by streaming data, because Tomcat did not fully handle chunk extensions in chunked transfer coding.
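The two unbounded inputs named above, as an added example that is not part of this bug report or of Tomcat's code: a minimal chunked-transfer decoder in Python that charges every chunk-extension byte (cumulatively across chunks) and every trailer-header byte, including whitespace after the colon, against a per-request cap and rejects the message once a cap is exceeded. The cap values and the messages fed to it are assumptions constructed for the demo, not Tomcat's settings.

```python
class ChunkedLimitExceeded(Exception):
    """Raised when extension or trailer bytes exceed a per-request cap."""


def decode_chunked(data, max_extension_size=64, max_trailer_size=64):
    """Decode one chunked message; return (body, trailers).
    Constructed example, not Tomcat code. Caps are demo values; a real
    streaming decoder checks them per byte received, not per completed line."""
    body = bytearray()
    pos = 0
    ext_bytes = 0  # cumulative across chunks, so many small extensions cannot bypass the cap
    while True:
        eol = data.index(b"\r\n", pos)
        line = data[pos:eol]
        pos = eol + 2
        size_hex, sep, ext = line.partition(b";")
        ext_bytes += len(sep) + len(ext)  # count ';' and everything after it
        if ext_bytes > max_extension_size:
            raise ChunkedLimitExceeded("chunk extensions exceed %d bytes" % max_extension_size)
        size = int(size_hex.strip(), 16)
        if size == 0:
            break  # last chunk; trailer section follows
        body += data[pos:pos + size]
        pos += size
        if data[pos:pos + 2] != b"\r\n":
            raise ValueError("missing CRLF after chunk data")
        pos += 2
    # Trailer section: header lines up to an empty line. Every byte of every
    # line, whitespace after ':' included, counts against the trailer cap.
    trailers = {}
    trailer_bytes = 0
    while True:
        eol = data.index(b"\r\n", pos)
        line = data[pos:eol]
        pos = eol + 2
        trailer_bytes += len(line) + 2
        if trailer_bytes > max_trailer_size:
            raise ChunkedLimitExceeded("trailer headers exceed %d bytes" % max_trailer_size)
        if not line:
            return bytes(body), trailers
        name, _, value = line.partition(b":")
        trailers[name.strip().lower().decode()] = value.strip().decode()


def rejected(data, **limits):
    """True when the decoder rejects the message for exceeding a cap."""
    try:
        decode_chunked(data, **limits)
    except ChunkedLimitExceeded:
        return True
    return False
```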
Created tomcat tracking bugs for this issue: Affects: fedora-all [bug 1069925]
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:0429 https://rhn.redhat.com/errata/RHSA-2014-0429.html
This issue has been addressed in the following products: JBoss Enterprise Web Server 2.0.1 Via RHSA-2014:0528 https://rhn.redhat.com/errata/RHSA-2014-0528.html
This issue has been addressed in the following products: JBoss Enterprise Web Server 2.0.1 Via RHSA-2014:0527 https://rhn.redhat.com/errata/RHSA-2014-0527.html
This issue has been addressed in the following products: JBEWS 2 for RHEL 5, JBEWS 2 for RHEL 6 Via RHSA-2014:0525 https://rhn.redhat.com/errata/RHSA-2014-0525.html
This issue has been addressed in the following products: JBEWS 2 for RHEL 5, JBEWS 2 for RHEL 6 Via RHSA-2014:0526 https://rhn.redhat.com/errata/RHSA-2014-0526.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2014:0686 https://rhn.redhat.com/errata/RHSA-2014-0686.html
tomcat-7.0.52-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.