FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-2733

This CVE name corresponds to:

Entered: 2012-11-08
Topic: tomcat -- Denial of Service

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2012-2733
Phase: Assigned (20120514)

Description

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

References

Source Reference
CONFIRM http://svn.apache.org/viewvc?view=revision&revision=1350301
CONFIRM http://svn.apache.org/viewvc?view=revision&revision=1356208
CONFIRM http://tomcat.apache.org/security-6.html
CONFIRM http://tomcat.apache.org/security-7.html
HP HPSBMU02873
HP SSRT101182
HP HPSBST02955
SUSE openSUSE-SU-2012:1700
SUSE openSUSE-SU-2012:1701
SUSE openSUSE-SU-2013:0147
UBUNTU USN-1637-1
BID 56402
OVAL oval:org.mitre.oval:def:19218
SECTRACK 1027729
SECUNIA 51371
SECUNIA 57126