CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Metric | Value
---|---
Access Vector | NETWORK
Access Complexity | LOW
Authentication | NONE
Confidentiality Impact | NONE
Integrity Impact | NONE
Availability Impact | PARTIAL

EPSS: 0.705 High (Percentile: 98.0%)

Important: Denial of service CVE-2012-2733
The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers.
This was fixed in revision 1350301.
This was reported by Josh Spiewak to the Tomcat security team on 4 June 2012 and made public on 5 November 2012.
Affects: 7.0.0-7.0.27
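
The effect of where the header size check sits can be seen in a simplified model. This is an added example, not Tomcat source: the class and method names, the 8192-byte limit and the constructed request are assumptions chosen for illustration. It compares a reader that tests the size only after the whole header block has been buffered with one that enforces the limit before each read is buffered.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
// Simplified model for illustration; not Tomcat source. All names here are hypothetical.
public class HeaderLimitDemo {
    static final int MAX_HEADER_BYTES = 8192; // assumed limit for this example
    static final String END_OF_HEADERS = "\r\n\r\n";

    // Late check: every read is buffered first; the size would be compared with the
    // limit only after the blank line ending the headers arrives. Returns peak bytes held.
    static int peakBufferedLate(List<byte[]> reads) {
        StringBuilder buf = new StringBuilder();
        for (byte[] chunk : reads) {
            int scanFrom = Math.max(0, buf.length() - 3); // terminator may span two reads
            buf.append(new String(chunk, StandardCharsets.ISO_8859_1));
            if (buf.indexOf(END_OF_HEADERS, scanFrom) >= 0) break;
        }
        return buf.length();
    }

    // Early check: the limit is enforced before each read is buffered, so memory stays bounded.
    static int peakBufferedEarly(List<byte[]> reads) {
        StringBuilder buf = new StringBuilder();
        for (byte[] chunk : reads) {
            if (buf.length() + chunk.length > MAX_HEADER_BYTES) {
                return buf.length(); // reject the request here and stop reading
            }
            int scanFrom = Math.max(0, buf.length() - 3);
            buf.append(new String(chunk, StandardCharsets.ISO_8859_1));
            if (buf.indexOf(END_OF_HEADERS, scanFrom) >= 0) break;
        }
        return buf.length();
    }

    public static void main(String[] args) {
        // Constructed input: one request with a 1 MiB header value, arriving in 4 KiB reads.
        char[] filler = new char[1 << 20];
        Arrays.fill(filler, 'a');
        byte[] request = ("GET / HTTP/1.1\r\nHost: example.invalid\r\nX-Pad: "
                + new String(filler) + END_OF_HEADERS).getBytes(StandardCharsets.ISO_8859_1);
        List<byte[]> reads = new ArrayList<>();
        for (int off = 0; off < request.length; off += 4096) {
            reads.add(Arrays.copyOfRange(request, off, Math.min(off + 4096, request.length)));
        }
        System.out.println("late check, peak bytes buffered:  " + peakBufferedLate(reads));
        System.out.println("early check, peak bytes buffered: " + peakBufferedEarly(reads));
    }
}
```

With the late check the buffer grows to the full size of whatever the client sends; with the early check it never exceeds the configured limit.
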
Important: Denial of service CVE-2012-4534
When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response, an infinite loop is entered, leading to a denial of service. This was originally reported as bug 52858.
This was fixed in revision 1340218.
The security implications of this bug were reported to the Tomcat security team by Arun Neelicattu of the Red Hat Security Response Team on 3 October 2012 and made public on 4 December 2012.
Affects: 7.0.0-7.0.27
CPE | Name | Operator | Version
---|---|---|---
apache | tomcat | ge | 7.0.0
apache | tomcat | le | 7.0.27