Apache Tomcat CVE-2018-1336 Denial of Service Vulnerability
BID:104898
CVE-2018-1336 |Info
Apache Tomcat CVE-2018-1336 Denial of Service Vulnerability
| Bugtraq ID: | 104898 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2018-1336 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 22 2018 12:00AM |
| Updated: | Jul 22 2018 12:00AM |
| Credit: | The vendor reported this issue. |
| Vulnerable: |
Redhat JBoss Web Server (JWS) 3.0 Redhat JBoss EWS 2 Redhat Jboss EAP 6 Redhat Enterprise Linux 7 Apache Tomcat 9.0.7 Apache Tomcat 9.0.5 Apache Tomcat 9.0.4 Apache Tomcat 9.0.1 Apache Tomcat 8.5.28 Apache Tomcat 8.5.27 Apache Tomcat 8.5.23 Apache Tomcat 8.5.16 Apache Tomcat 8.5.15 Apache Tomcat 8.5.14 Apache Tomcat 8.5.13 Apache Tomcat 8.5.12 Apache Tomcat 8.5.11 Apache Tomcat 8.5.9 Apache Tomcat 8.5.8 Apache Tomcat 8.5.7 Apache Tomcat 8.5.6 Apache Tomcat 8.5.5 Apache Tomcat 8.5.4 Apache Tomcat 8.5.1 Apache Tomcat 8.0.51 Apache Tomcat 8.0.50 Apache Tomcat 8.0.49 Apache Tomcat 8.0.47 Apache Tomcat 8.0.45 Apache Tomcat 8.0.44 Apache Tomcat 8.0.43 Apache Tomcat 8.0.42 Apache Tomcat 8.0.41 Apache Tomcat 8.0.40 Apache Tomcat 8.0.39 Apache Tomcat 8.0.38 Apache Tomcat 8.0.37 Apache Tomcat 8.0.36 Apache Tomcat 8.0.35 Apache Tomcat 8.0.34 Apache Tomcat 8.0.33 Apache Tomcat 8.0.30 Apache Tomcat 8.0.27 Apache Tomcat 8.0.19 Apache Tomcat 8.0.17 Apache Tomcat 8.0.15 Apache Tomcat 8.0.5 Apache Tomcat 8.0.3 Apache Tomcat 8.0.1 Apache Tomcat 7.0.86 Apache Tomcat 7.0.85 Apache Tomcat 7.0.84 Apache Tomcat 7.0.82 Apache Tomcat 7.0.81 Apache Tomcat 7.0.80 Apache Tomcat 7.0.79 Apache Tomcat 7.0.78 Apache Tomcat 7.0.77 Apache Tomcat 7.0.76 Apache Tomcat 7.0.75 Apache Tomcat 7.0.74 Apache Tomcat 7.0.73 Apache Tomcat 7.0.72 Apache Tomcat 7.0.70 Apache Tomcat 7.0.69 Apache Tomcat 7.0.67 Apache Tomcat 7.0.65 Apache Tomcat 7.0.60 Apache Tomcat 7.0.59 Apache Tomcat 7.0.57 Apache Tomcat 7.0.54 Apache Tomcat 7.0.53 Apache Tomcat 7.0.50 Apache Tomcat 7.0.33 Apache Tomcat 7.0.32 Apache Tomcat 7.0.31 Apache Tomcat 7.0.30 Apache Tomcat 7.0.29 Apache Tomcat 7.0.28 Apache Tomcat 9.0.0.M9 Apache Tomcat 9.0.0.M22 Apache Tomcat 9.0.0.M21 Apache Tomcat 9.0.0.M20 Apache Tomcat 9.0.0.M19 Apache Tomcat 9.0.0.M18 Apache Tomcat 9.0.0.M17 Apache Tomcat 9.0.0.M15 Apache Tomcat 9.0.0.M13 Apache Tomcat 9.0.0.M12 Apache Tomcat 9.0.0.M11 Apache Tomcat 9.0.0.M10 Apache Tomcat 8.5.30 Apache Tomcat 8.5.3 Apache Tomcat 8.5.2 Apache Tomcat 8.5.0 Apache Tomcat 8.0.32 Apache Tomcat 8.0.0.RC1 Apache Tomcat 8.0.0-RC6 Apache Tomcat 8.0.0-RC5 Apache Tomcat 8.0.0-RC3 Apache Tomcat 8.0.0-RC10 Apache Tomcat 8.0.0-RC1 Apache Tomcat 8.0.0 Rc5 Apache Tomcat 8.0.0 Rc2 Apache Tomcat 8.0.0 Rc10 Apache Tomcat 8.0.0 Rc1 Apache Tomcat 7.0.68 Apache Tomcat 7.0.55 Apache Tomcat 7.0.49 Apache Tomcat 7.0.48 Apache Tomcat 7.0.47 Apache Tomcat 7.0.46 Apache Tomcat 7.0.45 Apache Tomcat 7.0.44 Apache Tomcat 7.0.43 Apache Tomcat 7.0.42 Apache Tomcat 7.0.41 Apache Tomcat 7.0.40 Apache Tomcat 7.0.39 Apache Tomcat 7.0.38 Apache Tomcat 7.0.37 Apache Tomcat 7.0.36 Apache Tomcat 7.0.35 Apache Tomcat 7.0.34 |
| Not Vulnerable: |
Apache Tomcat 9.0.8 Apache Tomcat 8.5.31 Apache Tomcat 8.0.52 Apache Tomcat 7.0.88 |
Discussion
Apache Tomcat CVE-2018-1336 Denial of Service Vulnerability
Apache Tomcat is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause the application to enter an infinite loop, resulting in denial-of-service conditions.
The following versions are affected:
Apache Tomcat 9.0.0.M9 through 9.0.7
Apache Tomcat 8.5.0 through 8.5.30
Apache Tomcat 8.0.0.RC1 through 8.0.51
Apache Tomcat 7.0.28 through 7.0.86
Apache Tomcat is prone to a denial-of-service vulnerability.
Attackers can exploit this issue to cause the application to enter an infinite loop, resulting in denial-of-service conditions.
The following versions are affected:
Apache Tomcat 9.0.0.M9 through 9.0.7
Apache Tomcat 8.5.0 through 8.5.30
Apache Tomcat 8.0.0.RC1 through 8.0.51
Apache Tomcat 7.0.28 through 7.0.86
Exploit / POC
Apache Tomcat CVE-2018-1336 Denial of Service Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Apache Tomcat CVE-2018-1336 Denial of Service Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Apache Tomcat CVE-2018-1336 Denial of Service Vulnerability
References:
References:
- Apache Tomcat Homepage (Apache)
- Apache Tomcat 8.x vulnerabilities (Apache)
- Apache Tomcat 9.x vulnerabilities (Apache)
- Bug 1607591 - (CVE-2018-1336) CVE-2018-1336 tomcat: A bug in the UTF-8 decoder (Redhat)
- CVE-2018-1336 (Redhat)
- CVE-2018-1336 Apache Tomcat - Denial of Service (Apache)
- Revision 1830373 (Apache)
- Revision 1830375 (Apache)
- SYMSA1463: Apache Tomcat Vulnerabilities Jan-Aug 2018 (Symantec)