CVE-2018-1336: Apache Tomcat - UTF-8 decoder can lead to DoS


Severity

Important

Description

Improper handling of overflow in the UTF-8 decoder when processing supplementary characters can lead to an infinite loop in the decoder, causing a denial of service.
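The condition the advisory describes, as an added example that is not Tomcat's or Pivotal's code: a supplementary character decodes to a UTF-16 surrogate pair, so a decoder handed an output buffer with only one char free must report OVERFLOW without consuming input, and the caller must then make room rather than repeat the identical call. The example uses the JDK's standard UTF-8 decoder; the class name, the no-progress tripwire (`maxRounds`) and the sample bytes are assumptions of the example.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CoderResult;
import java.nio.charset.StandardCharsets;

public final class BoundedUtf8Decode {
    // Decodes UTF-8 through a deliberately small CharBuffer so the supplementary
    // character case is exercised: a 4-byte sequence becomes a UTF-16 surrogate
    // pair and needs two free chars of output. maxRounds is a tripwire (an
    // assumption of this example, not a JDK feature): a decoder that keeps
    // returning OVERFLOW without consuming input would otherwise spin forever.
    public static String decode(byte[] utf8, int outCapacity, int maxRounds) {
        CharsetDecoder dec = StandardCharsets.UTF_8.newDecoder();
        ByteBuffer in = ByteBuffer.wrap(utf8);
        CharBuffer out = CharBuffer.allocate(outCapacity);
        StringBuilder sb = new StringBuilder();
        for (int round = 1; ; round++) {
            if (round > maxRounds) throw new IllegalStateException("decoder made no progress");
            int consumedBefore = in.position();
            CoderResult cr = dec.decode(in, out, true);
            if (cr.isError()) throw new IllegalArgumentException("bad UTF-8 at " + in.position());
            out.flip();
            sb.append(out);   // copy out whatever was produced this round
            out.clear();
            if (cr.isUnderflow()) break;   // all input consumed
            // OVERFLOW with nothing consumed: the pending character does not fit
            // (one char free, surrogate pair needed). Grow the buffer so the next
            // round can make progress instead of repeating the identical call.
            if (in.position() == consumedBefore) out = CharBuffer.allocate(out.capacity() * 2);
        }
        dec.flush(out);   // UTF-8 carries no trailing state, but complete the protocol
        out.flip();
        sb.append(out);
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed input: "a" then U+1F600 (F0 9F 98 80), decoded through a
        // one-char buffer so the surrogate pair cannot fit on the first attempt.
        byte[] input = {0x61, (byte) 0xF0, (byte) 0x9F, (byte) 0x98, (byte) 0x80};
        String s = decode(input, 1, 16);
        System.out.println(s.length() + " UTF-16 chars, "
                + s.codePointCount(0, s.length()) + " code points");
    }
}
```

Running the same harness with a tiny `maxRounds` against a decoder that mishandles this case turns a silent hang into an exception, which is the behaviour a regression test for this class of bug should check.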

Affected Pivotal Products and Versions

Severity is important unless otherwise noted.

  • Pivotal tc Server versions:
    • 3.1.0.RELEASE to 3.1.13.RELEASE
    • 3.2.0.RELEASE to 3.2.9.RELEASE
    • 4.0.0
  • Pivotal tc Server individual runtime versions:
    • 7.0.59.B to 7.0.84.B.RELEASE
    • 8.0.20.B.RELEASE to 8.0.49.B.RELEASE
    • 8.5.4.B.RELEASE to 8.5.27.B.RELEASE
    • 9.0.6.B.RELEASE

Mitigation

Users of affected versions should apply the following mitigation:

  • Releases that have fixed this issue include:
    • Pivotal tc Server versions:
      • 3.1.14.RELEASE and later
      • 3.2.10.RELEASE and later
      • 4.0.1.RELEASE and later
    • Pivotal tc Server individual runtime versions:
      • 7.0.86.B.RELEASE and later
      • 8.0.51.B.RELEASE and later
      • 8.5.30.B.RELEASE and later
      • 9.0.7.B.RELEASE and later