Lucene search

K

[email protected]CVE-2012-5568

HistoryNov 30, 2012 - 7:55 p.m.

CVE-2012-5568

2012-11-3019:55:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

581

apache

tomcat

cve-2012-5568

denial of service

http requests

slowloris

nvd

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.2%

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

CPENameOperatorVersion
apache:tomcatapache tomcatle7.0.105
opensuse:opensuseopensuseeq11.4
opensuse:opensuseopensuseeq12.2
opensuse:opensuseopensuseeq12.1

References

captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat/

lists.opensuse.org/opensuse-updates/2012-12/msg00089.html

lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

lists.opensuse.org/opensuse-updates/2013-01/msg00037.html

openwall.com/lists/oss-security/2012/11/26/2

tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147776.html

tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147779.html

www.securityfocus.com/bid/56686

bugzilla.redhat.com/show_bug.cgi?id=880011

exchange.xforce.ibmcloud.com/vulnerabilities/80317

7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.008 Low

EPSS

Percentile

81.2%

Related for CVE-2012-5568

ubuntucve1 veracode1 prion1 openvas3 f52 debiancve1 seebug1 nessus5 rosalinux1 ibm1