Apache Tomcat Security Bypass and Denial of Service Vulnerabilities
Apache Tomcat 5.x
Apache Tomcat 6.x
Apache Tomcat 7.x
Two vulnerabilities were reported in Apache Tomcat.
A weakness and a vulnerability have been reported in Apache Tomcat, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).
1) The "parseHeaders()" function (InternalNioInputBuffer.java) does not properly verify the permitted size when parsing request headers, which can be exploited to trigger an OutOfMemoryError exception via specially crafted headers.
This vulnerability is reported in versions 6.0.0-6.0.35 and 7.0.0-7.0.27.
2) The DIGEST authentication mechanism does not properly check server nonces.
This weakness is reported in versions 5.5.0-5.5.35, 6.0.0-6.0.35, and 7.0.0-7.0.29.
A remote user can carry out replay attacks in some circumstances.
A remote user can cause denial of service conditions.
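The following is an added illustration of the check item 1 describes as missing: a request-header reader that enforces its size budget on the bytes consumed from the connection rather than on the finished header block, so an oversized request is refused before it is buffered in memory. It is written in Python for clarity and is not Tomcat's code; the limits (MAX_HEADER_BYTES, MAX_HEADER_COUNT, READ_CHUNK), the function names and the sample requests are constructed for this example.

```python
import io

# Limits assumed for this illustration; they are not Tomcat's configured values.
MAX_HEADER_BYTES = 8192   # total bytes allowed for request line plus headers
MAX_HEADER_COUNT = 100    # maximum number of header lines accepted
READ_CHUNK = 1024         # bytes pulled from the connection per read


class HeaderTooLarge(Exception):
    """Raised as soon as the header block would exceed the configured limit."""


def read_request_headers(stream, max_header_bytes=MAX_HEADER_BYTES,
                         max_header_count=MAX_HEADER_COUNT):
    """Read the request line and headers from a binary stream.

    The size limit is enforced on the bytes consumed so far, not on the
    completed header block, so an oversized request is refused before it is
    buffered in full. Returns (request_line, headers, leftover_bytes) with
    header names lower-cased.
    """
    buf = bytearray()
    while True:
        end = buf.find(b"\r\n\r\n")
        if end != -1:
            if end + 4 > max_header_bytes:
                raise HeaderTooLarge(f"header block is {end + 4} bytes, limit is {max_header_bytes}")
            break
        if len(buf) >= max_header_bytes:
            # No end of headers yet and the budget is spent: stop reading here.
            raise HeaderTooLarge(f"no end of headers within {max_header_bytes} bytes")
        chunk = stream.read(READ_CHUNK)
        if not chunk:
            raise ValueError("stream ended before end of headers")
        buf.extend(chunk)

    lines = bytes(buf[:end]).split(b"\r\n")
    leftover = bytes(buf[end + 4:])
    if len(lines) - 1 > max_header_count:
        raise HeaderTooLarge(f"{len(lines) - 1} header lines, limit is {max_header_count}")
    request_line = lines[0].decode("latin-1")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().decode("latin-1").lower()] = value.strip().decode("latin-1")
    return request_line, headers, leftover


def handle_raw_request(raw, max_header_bytes=MAX_HEADER_BYTES):
    """Map the parser's outcome to an HTTP-style status.

    Returns (status, detail, bytes_consumed); bytes_consumed shows how much of
    the input was actually read before the decision was made.
    """
    stream = io.BytesIO(raw)
    try:
        request_line, headers, _leftover = read_request_headers(stream, max_header_bytes)
    except HeaderTooLarge as exc:
        return 431, str(exc), stream.tell()   # 431 Request Header Fields Too Large
    except ValueError as exc:
        return 400, str(exc), stream.tell()
    return 200, {"request_line": request_line, "headers": headers}, stream.tell()


if __name__ == "__main__":
    # Constructed sample inputs: a normal request and one carrying a huge header.
    normal = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\nX-Trace: abc\r\n\r\nbody"
    huge = b"GET / HTTP/1.1\r\nX-Pad: " + b"A" * 1_000_000 + b"\r\n\r\n"
    print(handle_raw_request(normal))
    status, reason, consumed = handle_raw_request(huge)
    print(status, reason, "consumed", consumed, "of", len(huge), "bytes")
```

The point of the structure is that the limit is checked inside the read loop: the one-megabyte header in the sample is rejected after roughly MAX_HEADER_BYTES bytes have been read, so memory use is bounded by the configured limit regardless of what the client sends.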
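As an added illustration of what "properly checking server nonces" means for item 2, the validator below issues nonces the server can recognise as its own (a timestamp and random value signed with a server-side HMAC key), rejects nonces that were not issued by the server or have expired, and refuses a repeated nonce-count (nc) for the same nonce so a captured Authorization header cannot simply be replayed. This is example code written for this page in Python, not Tomcat's DIGEST implementation; the nonce layout, NONCE_LIFETIME_SECONDS, the class and method names and the injectable clock are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import time

NONCE_LIFETIME_SECONDS = 300   # assumed validity window for a server nonce


class DigestNonceValidator:
    """Issues and validates server nonces for HTTP Digest authentication.

    A nonce has the form "<timestamp>:<random>:<hmac>", so the server can
    recognise its own nonces without storing them at issue time. Replay of a
    captured response is blocked by requiring the client's nonce-count (nc)
    to increase on every use of the same nonce.
    """

    def __init__(self, key, lifetime=NONCE_LIFETIME_SECONDS, clock=time.time):
        self._key = key              # server-side secret that signs nonces
        self._lifetime = lifetime
        self._clock = clock          # injectable so tests are deterministic
        self._last_nc = {}           # nonce -> highest nc accepted so far

    def _mac(self, ts, rand):
        msg = f"{ts}:{rand}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self):
        """Create a fresh nonce bound to the current time."""
        ts = int(self._clock())
        rand = os.urandom(8).hex()
        return f"{ts}:{rand}:{self._mac(ts, rand)}"

    def _purge_expired(self, now):
        """Drop bookkeeping for nonces that can no longer be accepted,
        keeping the replay table bounded by the nonce lifetime."""
        for nonce in list(self._last_nc):
            if now - int(nonce.split(":", 1)[0]) > self._lifetime:
                del self._last_nc[nonce]

    def validate(self, nonce, nc_hex):
        """Return (accepted, reason) for the nonce and nc from an Authorization header."""
        now = self._clock()
        self._purge_expired(now)
        parts = nonce.split(":")
        if len(parts) != 3 or not parts[0].isdigit():
            return False, "malformed nonce"
        ts, rand, mac = int(parts[0]), parts[1], parts[2]
        # Constant-time comparison: was this nonce really issued by this server?
        if not hmac.compare_digest(mac, self._mac(ts, rand)):
            return False, "nonce not issued by this server"
        if now - ts > self._lifetime:
            return False, "nonce expired"
        try:
            nc = int(nc_hex, 16)
        except ValueError:
            return False, "bad nonce count"
        if nc <= self._last_nc.get(nonce, 0):
            return False, "nonce count reused (replay)"
        self._last_nc[nonce] = nc
        return True, "ok"
```

The three checks are independent: the HMAC rejects nonces the server never issued, the lifetime limits how long any captured exchange stays usable, and the strictly increasing nc rejects an exact replay of an earlier response even while the nonce is still within its window. A server that skips the first two checks will accept any well-formed nonce a client presents, which is the kind of weakness the advisory describes.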