Apache Tomcat denial of service Metasploit module

Today I saw that the Metasploit project added my auxiliary module for the information disclosure and denial of service vulnerability in Apache Tomcat found by Steve Jones.

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with “recycling of a buffer.”

Apache Tomcat Transfer-Encoding Information Disclosure and DoS
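
For defenders reviewing captured traffic in front of an affected Tomcat, the following added example (not part of the original post or of the Metasploit module) flags request heads whose Transfer-Encoding header names a malformed or unrecognized coding. Reading "invalid" as "not a well-formed, registered transfer coding" is an assumption, and the sample requests and the host name `tomcat.example` are constructed.

```python
import re

# Transfer codings from the IANA HTTP Transfer Coding registry that a
# server may legitimately see (assumption: anything else is suspicious).
KNOWN_CODINGS = {"chunked", "compress", "deflate", "gzip", "identity",
                 "x-compress", "x-gzip"}
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # RFC 7230 token


def transfer_encoding_issues(raw_request):
    """Return a list of findings for the Transfer-Encoding fields of one request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "transfer-encoding":
            values.append(value.strip())
    findings = []
    if len(values) > 1:
        findings.append("repeated Transfer-Encoding header")
    for value in values:
        for coding in value.split(","):
            name = coding.split(";", 1)[0].strip().lower()  # drop parameters
            if not name or not TOKEN.match(name):
                findings.append("malformed coding %r" % coding.strip())
            elif name not in KNOWN_CODINGS:
                findings.append("unrecognized coding %r" % name)
    return findings


# Constructed sample request heads, for illustration only.
SAMPLES = {
    "chunked": b"POST /app HTTP/1.1\r\nHost: tomcat.example\r\n"
               b"Transfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "unknown": b"POST /app HTTP/1.1\r\nHost: tomcat.example\r\n"
               b"Transfer-Encoding: placeholder-coding\r\n\r\n",
    "empty":   b"POST /app HTTP/1.1\r\nHost: tomcat.example\r\n"
               b"Transfer-Encoding: chunked, \r\n\r\n",
    "none":    b"GET / HTTP/1.1\r\nHost: tomcat.example\r\n\r\n",
}


def audit(samples):
    """Map each sample name to its findings, keeping only flagged requests."""
    results = {name: transfer_encoding_issues(raw) for name, raw in samples.items()}
    return {name: found for name, found in results.items() if found}


if __name__ == "__main__":
    for name, found in audit(SAMPLES).items():
        print(name, found)
```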
