nessus | Tenable | 5790.PASL
Feb 11, 2011 - 12:00 a.m.

Apache Tomcat 6.0.x < 6.0.32 NIO Connector DoS

2011-02-11 00:00:00
Tenable
www.tenable.com

According to its self-reported version number, the instance of Apache Tomcat listening on the remote host is prior to 6.0.32. It is, therefore, affected by a denial of service vulnerability. Due to an error in the NIO HTTP connector, the 'maxHttpHeaderSize' limit is not enforced, which allows a denial of service condition when memory is exhausted.

Note that Nessus Network Monitor has not tested for this issue but has instead relied only on the application's self-reported version number.
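Because the check above is version-only, a defender triaging the finding can pair it with a look at the host's server.xml to see whether any connector actually uses NIO. The following is an added example, not Tenable's plugin code; the sample server.xml and the status names are constructed for illustration, and the banner format "Apache Tomcat/x.y.z" is assumed.

```python
import re
import xml.etree.ElementTree as ET

FIXED = (6, 0, 32)  # first fixed 6.0.x release named in the advisory
NIO_PROTOCOL = "org.apache.coyote.http11.Http11NioProtocol"  # Tomcat's NIO HTTP connector class

# Constructed sample server.xml, not taken from any real host.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxHttpHeaderSize="8192"/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>
"""

def parse_version(banner):
    """Return (major, minor, patch) from a string like 'Apache Tomcat/6.0.29', else None."""
    m = re.search(r"Tomcat/(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(p) for p in m.groups()) if m else None

def version_in_range(banner):
    """True for 6.0.x releases before 6.0.32; compared numerically, so 6.0.9 < 6.0.32."""
    v = parse_version(banner)
    return v is not None and v[:2] == (6, 0) and v < FIXED

def nio_connector_ports(server_xml):
    """Ports of every <Connector> whose protocol attribute selects the NIO connector."""
    root = ET.fromstring(server_xml)
    return [c.get("port") for c in root.iter("Connector")
            if c.get("protocol") == NIO_PROTOCOL]

def assess(banner, server_xml):
    """Combine the version check with the connector check; returns (status, ports)."""
    if not version_in_range(banner):
        return ("not-in-range", [])
    ports = nio_connector_ports(server_xml)
    return ("in-range-nio", ports) if ports else ("in-range-no-nio", [])

if __name__ == "__main__":
    for banner in ("Apache Tomcat/6.0.29", "Apache Tomcat/6.0.32"):
        print(banner, assess(banner, SAMPLE_SERVER_XML))
```

A result of "in-range-no-nio" means the version matches the advisory but no NIO connector was found in the file that was inspected; upgrading to 6.0.32 or later remains the fix.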

Vendor | Product | Version | CPE
apache | tomcat |  | cpe:/a:apache:tomcat