CVE-2012-2733
Published: 16 November 2012
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
Priority
Status
Package | Release | Status |
---|---|---|
tomcat6 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(6.0.24-2ubuntu1.11)
|
|
oneiric |
Released
(6.0.32-5ubuntu1.3)
|
|
precise |
Released
(6.0.35-1ubuntu3.1)
|
|
quantal |
Released
(6.0.35-5ubuntu0.1)
|
|
raring |
Not vulnerable
(6.0.35-5+nmu1)
|
|
upstream |
Released
(6.0.35-5+nmu1)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1356208 |
||
tomcat7 Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Released
(7.0.21-1ubuntu0.1)
|
|
precise |
Released
(7.0.26-1ubuntu1.2)
|
|
quantal |
Not vulnerable
(7.0.30-0ubuntu1)
|
|
raring |
Not vulnerable
|
|
upstream |
Released
(7.0.28-1)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1350301 |