CVE-2018-1336

CWE-835 CWE-1336 CWE-31117 documents9 sources

Severity

7.5HIGH

EPSS

18.6%

top 4.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat Apache Software Foundation Apache Tomcat Canonical Ubuntu Linux +6 more

Timeline

PublishedAug 2

Latest updateMay 13

Description

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages10 packages

▶Mavenorg.apache.tomcat.embed:tomcat-embed-core9.0.0.M9 — 9.0.8+3

▶NVDapache/tomcat7.0.28 — 7.0.86+5

▶CVEListV5apache_software_foundation/apache_tomcat4 versions+3

▶Ubuntutomcat7< 7.0.52-1ubuntu0.15+1

▶Ubuntutomcat8< 8.0.32-1ubuntu1.7+1

Also affects: Debian Linux 8.0, 9.0, Ubuntu Linux 14.04, 16.04

🔴Vulnerability Details

GHSA

Craft CMS Vulnerable to Server-Side Template Injection↗2022-05-13

▶

OSV

tomcat7 vulnerabilities↗2021-03-15

▶

OSV

In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder↗2018-10-17

▶

GHSA

In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder↗2018-10-17

▶

CVEList

CVE-2018-1336: An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Ser↗2018-08-02

▶

📋Vendor Advisories

Ubuntu

Apache Tomcat 7 vulnerabilities↗2021-03-15

▶

Ubuntu

Tomcat vulnerabilities↗2018-07-25

▶

Red Hat

tomcat: A bug in the UTF-8 decoder can lead to DoS↗2018-07-22

▶

Debian

CVE-2018-1336: tomcat9 - An improper handing of overflow in the UTF-8 decoder with supplementary characte...↗2018

▶

Apache

Apache tomcat: CVE-2018-1336↗

▶

💬Community

Bugzilla

CVE-2018-18023 ImageMagick: heap-based buffer over-read in the SVGStripString function of coders/svg.c↗2018-10-08

▶

Bugzilla

CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS [epel-all]↗2018-09-03

▶

Bugzilla

CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS [fedora-all]↗2018-09-03

▶

Bugzilla

CVE-2018-1336 tomcat: A bug in the UTF-8 decoder can lead to DoS↗2018-07-23

▶