Tomcat6 version below 6.0.32 can be easily brought down
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tomcat6 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Karmic |
Fix Released
|
Medium
|
Unassigned | ||
Lucid |
Fix Released
|
Medium
|
Unassigned | ||
Maverick |
Fix Released
|
Medium
|
Unassigned | ||
Natty |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: tomcat6
Tomcat can be DOSed by making mutiple (>200) GET requests with Accept-Language: en-us;q=
Explanation:
There is a known bug in Java: it goes into infinite loop when trying to parse "2.225073858507
When one executes GET request with the Accept-Language header specified above one of tomcat's worker threads goes into infinite loop.
Tomcat has max 200 or so worker threads by default, so after executing the malicious GET request more than 200 times all worker threads are stuck and tomcat is not able to process further requests.
The bug was fixed in tomcat 6.0.32 ("Improve HTTP specification compliance in support of Accept-Language header. (kkolinko)").
The bug is reproducible always and is pretty critical, so I hope it will be resolved in the near time.
My environments:
1)
ubuntu: Ubuntu 10.04.1 LTS
tomcat6: 6.0.24-2ubuntu1.6
openjdk-6-jdk: 6b20-1.
2)
ubuntu: Ubuntu 10.10
tomcat6: 6.0.28-2ubuntu1.1
openjdk-6-jdk: 6b20-1.9.5-0ubuntu1
There is also a patch for open jdk that solves the problem: https:/ /bugs.openjdk. java.net/ show_bug. cgi?id= 100119