Apache Tomcat denial of service Metasploit module

Today I saw that the Metasploit project added my auxiliary module for the information disclosure and denial of service vulnerability in Apache Tomcat found by Steve Jones.

Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with “recycling of a buffer.”

Apache Tomcat Transfer-Encoding Information Disclosure and DoS
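For defenders triaging an inventory against the affected ranges quoted above, the following is an added example, not part of the original post or of the Metasploit module. It assumes version strings of the form `Apache Tomcat/x.y.z` (as printed by Tomcat's version script or default error pages); the host names and banners are constructed.

```python
import re

# Affected ranges exactly as stated in the advisory text above (inclusive).
AFFECTED = [
    ((5, 5, 0), (5, 5, 29)),
    ((6, 0, 0), (6, 0, 27)),
    ((7, 0, 0), (7, 0, 0)),   # "7.0.0 beta"
]

VERSION_RE = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")

def parse_version(banner):
    """Return (major, minor, patch) from a Tomcat banner, or None."""
    m = VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(banner):
    """True/False for a parsed version, None when no version is present."""
    v = parse_version(banner)
    if v is None:
        return None
    # Numeric tuple comparison, so 6.0.9 < 6.0.27 (a string compare would not).
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def triage(inventory):
    """Map host -> 'affected' | 'not affected' | 'unknown'."""
    labels = {True: "affected", False: "not affected", None: "unknown"}
    return {host: labels[is_affected(banner)] for host, banner in inventory}

# Constructed sample inventory (hosts and banners are made up).
SAMPLE = [
    ("app01.example.internal", "Server version: Apache Tomcat/6.0.26"),
    ("app02.example.internal", "Server version: Apache Tomcat/6.0.28"),
    ("app03.example.internal", "Apache Tomcat/5.5.29 - Error report"),
    ("app04.example.internal", "Server version: Apache Tomcat/7.0.0"),
    ("app05.example.internal", "Server: Apache-Coyote/1.1"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` expose no version in the banner and need to be checked on the box itself.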

cat /etc/about-me

@calderpwn spends peaceful days in Cozumel, a beautiful island in the Caribbean, working on remote projects, learning new technologies, developing new tools, or simply enjoying the beach.
