FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tomcat -- denial of service

Affected packages
6.0.0 <= tomcat6 <= 6.0.35
7.0.0 <= tomcat7 <= 7.0.27

Details

VuXML ID 134acaa2-51ef-11e2-8e34-0022156e8794
Discovery 2012-12-04
Entry 2012-12-04

The Apache Software Foundation reports:

When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service.

References

CVE Name CVE-2012-4534
URL http://tomcat.apache.org/security-6.html
URL http://tomcat.apache.org/security-7.html