Risks
Advisories
Browse
or
or

Apache Tomcat - denial of service (CVE-2012-4534)
CVE-2012-4534 Apache Tomcat denial of service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.27
- Tomcat 6.0.0 to 6.0.35

Description:
When using the NIO connector with sendfile and HTTPS enabled, if a
client breaks the connection while reading the response an infinite loop
is entered leading to a denial of service. This was originally reported
as https://issues.apache.org/bugzilla/show_bug.cgi?id=52858.

Mitigation:
Users of affected versions should apply one of the following mitigations:
- Tomcat 7.0.x users should upgrade to 7.0.28 or later
- Tomcat 6.0.x users should upgrade to 6.0.36 or later

Credit:
The security implications of this bug were identified by Arun Neelicattu
of the Red Hat Security Response Team.

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html





Spotlight

Review: Logging and Log Management

Posted on 22 May 2013.  |  Every security practitioner should be aware of the overwhelming advantages of logging and perusing logs for discovering system intrusions. But logging and log management comes with its own set of difficulties.


Daily digest

By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
  
Weekly newsletter

With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
  

 
DON'T
MISS
Thu, May 23rd
    COPYRIGHT 1998-2013 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //