Tomcat和Hashtable 碰撞拒绝服务漏洞

Tomcat和Hashtable 碰撞拒绝服务漏洞

http://developer.51cto.com/art/201112/310300.htm

之前你可能听说过关于 Java 中的哈希表实现上的漏洞，现如今因为 Tomcat 使用了哈希表来存储 HTTP 请求参数，因此也受此问题影响。目前为止，Oracle 尚未为该问题提供补丁。

为此 Tomcat 实现了一个变通的做法，提供一个新的选项 maxParameterCount 用来限制但请求中最大的参数数量，该参数默认值是 10000，这对多数应用程序来说已经足够，这个值也足够用来绕过 JRE 中的哈希表的 bug。

目前该变通方法将会在以下版本中实现：

trunk

7.0.23 onwards

6.0.35 onwards

该方法也将在即将发布的 5.5.35 版本中实现。

如果你正在使用早期的 Tomcat 版本，没有 maxParameterCount 属性，那么可以通过限制 maxPostSize 到 10kb 以下来解决这个问题。

尽管这不是 Tomcat 本身的bug，但 Tomcat 安全团队还是发布了该消息并告知潜在的问题。

关于此漏洞的更详细信息请看：

http://www.nruns.com/_downloads/advisory28122011.pdf

原文链接：http://www.oschina.net/news/24418/tomcat-hashtable-collision-dos-vulnerability

 

 

Tomcat 今天又爆出两个新的重要的漏洞，这两个漏洞分别是：

CVE-2011-3375 Apache Tomcat Information disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

◆ Tomcat 7.0.0 to 7.0.21

◆ Tomcat 6.0.30 to 6.0.33

◆ Earlier versions are not affected

Description:

For performance reasons, information parsed from a request is often
cached in two places: the internal request object and the internal
processor object. These objects are not recycled at exactly the same time.
When certain errors occur that needed to be added to the access log, the
access logging process triggers the re-population of the request object
after it has been recycled. However, the request object was not recycled
before being used for the next request. That lead to information leakage
(e.g. remote IP address, HTTP headers) from the previous request to the
next request.
The issue was resolved be ensuring that the request and response objects
were recycled after being re-populated to generate the necessary access
log entries.

解决的办法：

◆  Tomcat 7.0.x 用户应该升级到 7.0.22 或者更新版本

◆ Tomcat 6.0.x 应该升级到 6.0.35 或更新版本

CVE-2012-0022 Apache Tomcat Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

◆ Tomcat 7.0.0 to 7.0.22
◆ Tomcat 6.0.0 to 6.0.33
◆ Tomcat 5.5.0 to 5.5.34
◆ Earlier, unsupported versions may also be affected

Description:
Analysis of the recent hash collision vulnerability identified unrelated
inefficiencies with Apache Tomcat's handling of large numbers of
parameters and parameter values. These inefficiencies could allow an
attacker, via a specially crafted request, to cause large amounts of CPU
to be used which in turn could create a denial of service.
The issue was addressed by modifying the Tomcat parameter handling code
to efficiently process large numbers of parameters and parameter values.

Mitigation:

Users of affected versions should apply one of the following mitigations:

◆ Tomcat 7.0.x users should upgrade to 7.0.23 or later

◆ Tomcat 6.0.x users should upgrade to 6.0.35 or later

◆ Tomcat 5.5.x users should upgrade to 5.5.35 or later