Skip to main content

CVE-2018-1336

Severity

6.5

Description

An improper handing of overflow in the UTF-8 decoder with supplementary characters can lead to an infinite loop in the decoder causing a Denial of Service. Versions Affected: Apache Tomcat 9.0.0.M9 to 9.0.7, 8.5.0 to 8.5.30, 8.0.0.RC1 to 8.0.51, and 7.0.28 to 7.0.86.

Mitigation

We recommend upgrading to a version of this component that is not vulnerable to this specific issue.

Related links:

Project

Apache Tomcat

Apache TomEE

Category
Denial of Service
Tags
data
operational
Date Disclosed

2018-08-02

Date Discovered

2017-12-07

Apache Tomcat 9.0.x

First release:
2018-01-18
CVEs:
49
Support Lifecycle:
Namespace:
javax
9.0.19.0.29.0.49.0.59.0.69.0.7

Apache TomEE 7.0.x

First release:
2016-05-17
CVEs:
111
Support Lifecycle:
Namespace:
javax
7.0.07.0.17.0.27.0.37.0.4

Apache Tomcat 7.0.x

First release:
2011-01-14
First release:
2021-03-31
CVEs:
55
Support Lifecycle:
Namespace:
javax
7.0.277.0.287.0.297.0.307.0.327.0.337.0.347.0.357.0.37

Apache TomEE 1.7.x

First release:
2014-08-09
CVEs:
95
Support Lifecycle:
Namespace:
javax
1.7.01.7.11.7.21.7.31.7.41.7.5

Apache TomEE 1.6.x

First release:
2013-11-17
CVEs:
108
Support Lifecycle:
Namespace:
javax
1.6.01.6.0.11.6.0.2

Apache TomEE 1.5.x

First release:
2012-09-28
CVEs:
119
Support Lifecycle:
Namespace:
javax
1.5.01.5.11.5.2

Apache TomEE 1.0.x

First release:
2012-04-27
CVEs:
130
Support Lifecycle:
Namespace:
javax
1.0.0
Feel Vulnerable? 

Contact us so we can help you.

* These fields are required.