5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.93 High
EPSS
Percentile
99.1%
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10
processes chunked transfer coding without properly handling (1) a large
total amount of chunked data or (2) whitespace characters in an HTTP header
value within a trailer field, which allows remote attackers to cause a
denial of service by streaming data. NOTE: this vulnerability exists
because of an incomplete fix for CVE-2012-3544.