CVE-2005-3510 — Allocation of Resources Without Limits or Throttling in Apache Tomcat

CWE-770 — Allocation of Resources Without Limits or Throttling9 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

20.5%

top 4.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedNov 6

Latest updateMay 1

Description

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat12 versions+11

Patches

Patch: securitytracker.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests↗2022-05-01

▶

OSV

Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests↗2022-05-01

▶

CVEList

CVE-2005-3510: Apache Tomcat 5↗2005-11-06

▶

📋Vendor Advisories

Red Hat

tomcat DoS↗2005-11-03

▶

💬Community

Bugzilla

A number of tomcat issues↗2007-05-09

▶

Bugzilla

CVE-2005-2090 multiple tomcat issues (CVE-2007-0450 CVE-2006-7195 CVE-2006-7196 CVE-2007-1858 CVE-2006-3835 CVE-2005-3510 CVE-2005-4838)↗2007-04-30

▶

Bugzilla

CVE-2005-3510 tomcat DoS↗2007-04-19

▶

Bugzilla

CVE-2005-3510 Possible Tomcat DoS↗2005-11-07

▶