Vulnerability-Lookup

CVE-2005-3510 (GCVE-0-2005-3510)

Vulnerability from cvelistv5 – Published: 2005-11-06 16:00 – Updated: 2024-08-07 23:17

Summary

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.redhat.com/support/errata/RHSA-2006-01…	vendor-advisoryx_refsource_REDHAT
	http://tomcat.apache.org/security-4.html	x_refsource_CONFIRM
	http://secunia.com/advisories/30908	third-party-advisoryx_refsource_SECUNIA
	http://secunia.com/advisories/17416	third-party-advisoryx_refsource_SECUNIA
	http://sunsolve.sun.com/search/document.do?assetk…	vendor-advisoryx_refsource_SUNALERT
	http://www.osvdb.org/20439	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/30899	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/15325	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2008/1979…	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/archive/1/500412/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/33668	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/500396/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/415782/30/…	mailing-listx_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2009/0233	vdb-entryx_refsource_VUPEN
	http://securitytracker.com/id?1015147	vdb-entryx_refsource_SECTRACK
	http://tomcat.apache.org/security-5.html	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2008-02…	vendor-advisoryx_refsource_REDHAT
	http://community.ca.com/blogs/casecurityresponseb…	x_refsource_CONFIRM
	http://support.ca.com/irj/portal/anonymous/phpsup…	x_refsource_CONFIRM
	https://lists.apache.org/thread.html/29dc6c2b6257…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/c62b0e3a7bf2…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rb71997f506c…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:17:22.767Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2006:0161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "30908",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30908"
          },
          {
            "name": "17416",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17416"
          },
          {
            "name": "239312",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUNALERT",
              "x_transferred"
            ],
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
          },
          {
            "name": "20439",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/20439"
          },
          {
            "name": "30899",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/30899"
          },
          {
            "name": "15325",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15325"
          },
          {
            "name": "ADV-2008-1979",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/1979/references"
          },
          {
            "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "33668",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "20051104 Apache Tomcat 5.5.x remote Denial Of Service",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
          },
          {
            "name": "ADV-2009-0233",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "name": "1015147",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015147"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "RHSA-2008:0261",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-04T05:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T21:07:31.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2006:0161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-4.html"
        },
        {
          "name": "30908",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30908"
        },
        {
          "name": "17416",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17416"
        },
        {
          "name": "239312",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUNALERT"
          ],
          "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
        },
        {
          "name": "20439",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/20439"
        },
        {
          "name": "30899",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/30899"
        },
        {
          "name": "15325",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15325"
        },
        {
          "name": "ADV-2008-1979",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/1979/references"
        },
        {
          "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
        },
        {
          "name": "33668",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33668"
        },
        {
          "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
        },
        {
          "name": "20051104 Apache Tomcat 5.5.x remote Denial Of Service",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
        },
        {
          "name": "ADV-2009-0233",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/0233"
        },
        {
          "name": "1015147",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015147"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-5.html"
        },
        {
          "name": "RHSA-2008:0261",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3510",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2006:0161",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
            },
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "30908",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30908"
            },
            {
              "name": "17416",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17416"
            },
            {
              "name": "239312",
              "refsource": "SUNALERT",
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
            },
            {
              "name": "20439",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/20439"
            },
            {
              "name": "30899",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/30899"
            },
            {
              "name": "15325",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15325"
            },
            {
              "name": "ADV-2008-1979",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/1979/references"
            },
            {
              "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
            },
            {
              "name": "33668",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33668"
            },
            {
              "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
            },
            {
              "name": "20051104 Apache Tomcat 5.5.x remote Denial Of Service",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
            },
            {
              "name": "ADV-2009-0233",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/0233"
            },
            {
              "name": "1015147",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015147"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
              "refsource": "CONFIRM",
              "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
            },
            {
              "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
              "refsource": "CONFIRM",
              "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3510",
    "datePublished": "2005-11-06T16:00:00.000Z",
    "dateReserved": "2005-11-06T05:00:00.000Z",
    "dateUpdated": "2024-08-07T23:17:22.767Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-032

Vulnerability from certfr_avis - Published: 2009-01-28 - Updated: 2009-01-28

De multiples vulnérabilités affectent la version d'Apache Tomcat fournie avec CA Cohesion Application Configuration Manager.

Description

De multiples vulnérabilités affectent la version d'Apache Tomcat incluse dans CA Cohesion Application Configuration Manager. Ces vulnérabilités sont décrites dans les diverses références CVE (voir section Documentation) et permettent notamment de réaliser un déni de service à distance, d'injecter des scripts, d'afficher le contenu de certains fichiers, etc.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

CA Cohesion Application Configuration Manager version 4.5.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité CA20090123-01 du 26 janvier 2009

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eCA Cohesion Application Configuration  Manager\u003c/SPAN\u003e version 4.5.\u003c/P\u003e",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s affectent la version d\u0027Apache Tomcat incluse\ndans CA Cohesion Application Configuration Manager. Ces vuln\u00e9rabilit\u00e9s\nsont d\u00e9crites dans les diverses r\u00e9f\u00e9rences CVE (voir section\nDocumentation) et permettent notamment de r\u00e9aliser un d\u00e9ni de service \u00e0\ndistance, d\u0027injecter des scripts, d\u0027afficher le contenu de certains\nfichiers, etc.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2008-0128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0128"
    },
    {
      "name": "CVE-2007-1858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1858"
    },
    {
      "name": "CVE-2007-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
    },
    {
      "name": "CVE-2006-7196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7196"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2007-3382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3382"
    },
    {
      "name": "CVE-2005-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
    },
    {
      "name": "CVE-2006-3835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
    },
    {
      "name": "CVE-2007-3386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3386"
    },
    {
      "name": "CVE-2007-2449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2449"
    },
    {
      "name": "CVE-2007-1355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
    },
    {
      "name": "CVE-2006-7195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-7195"
    },
    {
      "name": "CVE-2007-3385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3385"
    }
  ],
  "initial_release_date": "2009-01-28T00:00:00",
  "last_revision_date": "2009-01-28T00:00:00",
  "links": [],
  "reference": "CERTA-2009-AVI-032",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent la version d\u0027\u003cspan\nclass=\"textit\"\u003eApache Tomcat\u003c/span\u003e fournie avec \u003cspan class=\"textit\"\u003eCA\nCohesion Application Configuration Manager\u003c/span\u003e.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans CA Cohesion Application Configuration Manager",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 CA20090123-01 du 26 janvier 2009",
      "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
    }
  ]
}

CERTA-2008-AVI-349

Vulnerability from certfr_avis - Published: 2008-07-04 - Updated: 2008-07-04

Plusieurs vulnérabilités de Sun Solaris permettent à une personne malintentionnée d'effectuer, entre autres, un déni de service à distance.

Description

De multiples vulnérabilités non documentées du serveur Tomcat de Sun Solaris permettent à une personne malveillante d'effectuer un déni de service à distance, un courtournement de la politique de sécurité, une atteinte à la confidentialité des données ou une injection de code indirecte.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Sun Solaris 10.
	N/A	N/A	Sun Solaris 9 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Sun Solaris #239312 du 30 juin 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Sun Solaris 10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Sun Solaris 9 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s non document\u00e9es du serveur Tomcat de Sun\nSolaris permettent \u00e0 une personne malveillante d\u0027effectuer un d\u00e9ni de\nservice \u00e0 distance, un courtournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es ou une injection de code\nindirecte.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2450"
    },
    {
      "name": "CVE-2007-0450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0450"
    },
    {
      "name": "CVE-2007-1358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1358"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2005-2090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2090"
    },
    {
      "name": "CVE-2002-2006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-2006"
    },
    {
      "name": "CVE-2002-1394",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-1394"
    },
    {
      "name": "CVE-2005-3164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3164"
    },
    {
      "name": "CVE-2002-1148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-1148"
    },
    {
      "name": "CVE-2005-3510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3510"
    },
    {
      "name": "CVE-2006-3835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3835"
    },
    {
      "name": "CVE-2003-0866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0866"
    },
    {
      "name": "CVE-2007-1355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1355"
    }
  ],
  "initial_release_date": "2008-07-04T00:00:00",
  "last_revision_date": "2008-07-04T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-349",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-07-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s de \u003cspan class=\"textit\"\u003eSun Solaris\u003c/span\u003e\npermettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer, entre autres, un\nd\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Sun Solaris",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Sun Solaris #239312 du 30 juin 2008",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-239312-1"
    }
  ]
}

GHSA-8F4W-JWQV-5CXC

Vulnerability from github – Published: 2022-05-01 02:18 – Updated: 2025-04-03 14:35

Summary

Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests

Details

Severity ?

8.7 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 5.5.11"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.tomcat:tomcat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.5.0"
            },
            {
              "fixed": "5.5.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2005-3510"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-770"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-03T14:35:20Z",
    "nvd_published_at": "2005-11-06T11:02:00Z",
    "severity": "HIGH"
  },
  "details": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
  "id": "GHSA-8f4w-jwqv-5cxc",
  "modified": "2025-04-03T14:35:20Z",
  "published": "2022-05-01T02:18:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3510"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/tomcat"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200228054210/http://www.securityfocus.com/archive/1/415782/30/0/threaded"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200229175931/http://www.securityfocus.com/bid/15325"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200517122628/http://www.securityfocus.com/archive/1/500396/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200517153851/http://www.securityfocus.com/archive/1/500412/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200922015809/http://securitytracker.com/id?1015147"
    },
    {
      "type": "WEB",
      "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
    },
    {
      "type": "WEB",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
    },
    {
      "type": "WEB",
      "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "type": "WEB",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Apache Tomcat Vulnerable to Denial of Service (DoS) via Simultaneous Requests"
}

FKIE_CVE-2005-3510

Vulnerability from fkie_nvd - Published: 2005-11-06 11:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
cve@mitre.org	http://secunia.com/advisories/17416	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/30899
cve@mitre.org	http://secunia.com/advisories/30908
cve@mitre.org	http://secunia.com/advisories/33668
cve@mitre.org	http://securitytracker.com/id?1015147	Patch, Vendor Advisory
cve@mitre.org	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
cve@mitre.org	http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
cve@mitre.org	http://tomcat.apache.org/security-4.html
cve@mitre.org	http://tomcat.apache.org/security-5.html
cve@mitre.org	http://www.osvdb.org/20439
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2006-0161.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0261.html
cve@mitre.org	http://www.securityfocus.com/archive/1/415782/30/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/500396/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/500412/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/15325
cve@mitre.org	http://www.vupen.com/english/advisories/2008/1979/references
cve@mitre.org	http://www.vupen.com/english/advisories/2009/0233
cve@mitre.org	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
cve@mitre.org	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17416	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30899
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30908
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33668
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015147	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
af854a3a-2127-422b-91ae-364da2661108	http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-4.html
af854a3a-2127-422b-91ae-364da2661108	http://tomcat.apache.org/security-5.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/20439
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2006-0161.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0261.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/415782/30/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/500396/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/500412/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15325
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/1979/references
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2009/0233
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108	https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E

Impacted products

Vendor	Product	Version
apache	tomcat	5.5.0
apache	tomcat	5.5.1
apache	tomcat	5.5.2
apache	tomcat	5.5.3
apache	tomcat	5.5.4
apache	tomcat	5.5.5
apache	tomcat	5.5.6
apache	tomcat	5.5.7
apache	tomcat	5.5.8
apache	tomcat	5.5.9
apache	tomcat	5.5.10
apache	tomcat	5.5.11

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB203AEC-2A94-48CA-A0E0-B5A8EBF028B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E98B82A-22E5-4E6C-90AE-56F5780EA147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "34672E90-C220-436B-9143-480941227933",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "92883AFA-A02F-41A5-9977-ABEAC8AD2970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "989A78F8-EE92-465F-8A8D-ECF0B58AFE7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5B6627-B4A4-4E2D-B96C-CA37CCC8C804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACFB09F3-32D1-479C-8C39-D7329D9A6623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56581E2-9ECD-426A-96D8-A9D958900AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "717F6995-5AF0-484C-90C0-A82F25FD2E32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B0C01D5-773F-469C-9E69-170C2844AAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB03FDFB-4DBF-4B70-BFA3-570D1DE67695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files."
    }
  ],
  "id": "CVE-2005-3510",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-11-06T11:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17416"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30899"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30908"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33668"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1015147"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/20439"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/15325"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/1979/references"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2009/0233"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17416"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30899"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://securitytracker.com/id?1015147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-4.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tomcat.apache.org/security-5.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/20439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/15325"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/1979/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2009/0233"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2005-3510

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2005-3510

Aliases

CVE-2005-3510

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-3510",
    "description": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
    "id": "GSD-2005-3510",
    "references": [
      "https://www.suse.com/security/cve/CVE-2005-3510.html",
      "https://access.redhat.com/errata/RHSA-2010:0602",
      "https://access.redhat.com/errata/RHSA-2008:0524",
      "https://access.redhat.com/errata/RHSA-2008:0261",
      "https://access.redhat.com/errata/RHSA-2007:1069",
      "https://access.redhat.com/errata/RHSA-2007:0340",
      "https://access.redhat.com/errata/RHSA-2006:0161"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-3510"
      ],
      "details": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.",
      "id": "GSD-2005-3510",
      "modified": "2023-12-13T01:20:12.081986Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-3510",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2006:0161",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
          },
          {
            "name": "http://tomcat.apache.org/security-4.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/security-4.html"
          },
          {
            "name": "30908",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30908"
          },
          {
            "name": "17416",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17416"
          },
          {
            "name": "239312",
            "refsource": "SUNALERT",
            "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
          },
          {
            "name": "20439",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/20439"
          },
          {
            "name": "30899",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/30899"
          },
          {
            "name": "15325",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/15325"
          },
          {
            "name": "ADV-2008-1979",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/1979/references"
          },
          {
            "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
          },
          {
            "name": "33668",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33668"
          },
          {
            "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
          },
          {
            "name": "20051104 Apache Tomcat 5.5.x remote Denial Of Service",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
          },
          {
            "name": "ADV-2009-0233",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2009/0233"
          },
          {
            "name": "1015147",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015147"
          },
          {
            "name": "http://tomcat.apache.org/security-5.html",
            "refsource": "CONFIRM",
            "url": "http://tomcat.apache.org/security-5.html"
          },
          {
            "name": "RHSA-2008:0261",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
          },
          {
            "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
            "refsource": "CONFIRM",
            "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
          },
          {
            "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
            "refsource": "CONFIRM",
            "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3510"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "15325",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/15325"
            },
            {
              "name": "1015147",
              "refsource": "SECTRACK",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://securitytracker.com/id?1015147"
            },
            {
              "name": "17416",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/17416"
            },
            {
              "name": "RHSA-2006:0161",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
            },
            {
              "name": "20439",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/20439"
            },
            {
              "name": "http://tomcat.apache.org/security-4.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tomcat.apache.org/security-4.html"
            },
            {
              "name": "http://tomcat.apache.org/security-5.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://tomcat.apache.org/security-5.html"
            },
            {
              "name": "RHSA-2008:0261",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
            },
            {
              "name": "239312",
              "refsource": "SUNALERT",
              "tags": [],
              "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
            },
            {
              "name": "30908",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30908"
            },
            {
              "name": "30899",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/30899"
            },
            {
              "name": "33668",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33668"
            },
            {
              "name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
            },
            {
              "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
            },
            {
              "name": "ADV-2009-0233",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2009/0233"
            },
            {
              "name": "ADV-2008-1979",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/1979/references"
            },
            {
              "name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
            },
            {
              "name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
            },
            {
              "name": "20051104 Apache Tomcat 5.5.x remote Denial Of Service",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-03-25T11:29Z",
      "publishedDate": "2005-11-06T11:02Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2005-3510 (GCVE-0-2005-3510)

CERTA-2009-AVI-032

Description

Solution

CERTA-2008-AVI-349

Description

Solution

GHSA-8F4W-JWQV-5CXC

FKIE_CVE-2005-3510

GSD-2005-3510

Tags

Sightings

Nomenclature