Apache Tomcat HTTP NIO Denial Of Service Vulnerability (Windows) Network Vulnerability

Summary

This host is running Apache Tomcat Server and is prone to denial of service vulnerability.

Impact

Successful exploitation could allow remote attackers to cause a denial of service condition. Impact Level: Application

Solution

Apply patch or upgrade Apache Tomcat to 6.0.36, 7.0.28 or later, For updates refer to http://tomcat.apache.org/ ***** NOTE: Ignore this warning, if above mentioned patch is manually applied. *****

Insight

The flaw is due to error in java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector, which does not properly restrict the request-header size.

Affected

Apache Tomcat version 6.x to 6.0.35 and 7.x to 7.0.27

References

http://secunia.com/advisories/51138
http://svn.apache.org/viewvc?view=revision&revision=1350301
http://svn.apache.org/viewvc?view=revision&revision=1356208
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2733

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

IBM WebSphere Application Server Hash Collisions DOS Vulnerability
bozohttpd Security Bypass Vulnerability
Ecava IntegraXor Directory Traversal Vulnerability
Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability
IBM WebSphere Application Server Admin Console Cross-site Scripting Vulnerability

Take action and discover your vulnerabilities