Summary
This host is running Apache Tomcat Server and is prone to a denial of service vulnerability.
Impact
Successful exploitation could allow remote attackers to cause a denial of service condition.
Impact Level: Application
Solution
Apply the patch or upgrade Apache Tomcat to 6.0.36, 7.0.28 or later. For updates, refer to http://tomcat.apache.org/
*****
NOTE: Ignore this warning if the above-mentioned patch has been applied manually.
*****
Insight
The flaw is due to an error in java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector, which does not properly restrict the request-header size.
Affected
Apache Tomcat versions 6.x to 6.0.35 and 7.x to 7.0.27
References
Severity
Classification
CVE: CVE-2012-2733
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P