UTF-8 Decoder Vulnerability in Apache Tomcat
CVE-2018-1336

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Tomcat
Vendor: CVE Published:; 2 August 2018

🔔 Create Apache Vulnerability Alert

What is CVE-2018-1336?

An improper handling of overflow in the UTF-8 decoder can result in an infinite loop, potentially leading to a Denial of Service condition. This vulnerability affects specific versions of Apache Tomcat, rendering systems unable to respond to valid requests, and may allow attackers to disrupt service availability.

Affected Version(s)

Apache Tomcat 9.0.0.M9 to 9.0.7

Apache Tomcat 8.5.0 to 8.5.30

Apache Tomcat 8.0.0.RC1 to 8.0.51

References

https://usn.ubuntu.com/3723-1/

vendor-advisoryx_refsource_UBUNTU

http://www.securityfocus.com/bid/104898

vdb-entryx_refsource_BID

https://access.redhat.com/errata/RHSA-2018:2740

vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 2, 2018
Vulnerability Reserved
Dec 7, 2017

.