CVE-2012-4534

2012-12-1900:00:00

ubuntu.com

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.705 High

EPSS

Percentile

98.0%

JSON

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before
6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction
with sendfile and HTTPS, allows remote attackers to cause a denial of
service (infinite loop) by terminating the connection during the reading of
a response.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchtomcat6< 6.0.24-2ubuntu1.12UNKNOWN
ubuntu11.10noarchtomcat6< 6.0.32-5ubuntu1.4UNKNOWN
ubuntu12.04noarchtomcat6< 6.0.35-1ubuntu3.2UNKNOWN
ubuntu12.10noarchtomcat6< 6.0.35-5ubuntu0.1UNKNOWN
ubuntu11.10noarchtomcat7< 7.0.21-1ubuntu0.1UNKNOWN
ubuntu12.04noarchtomcat7< 7.0.26-1ubuntu1.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	tomcat6	< 6.0.24-2ubuntu1.12	UNKNOWN
ubuntu	11.10	noarch	tomcat6	< 6.0.32-5ubuntu1.4	UNKNOWN
ubuntu	12.04	noarch	tomcat6	< 6.0.35-1ubuntu3.2	UNKNOWN
ubuntu	12.10	noarch	tomcat6	< 6.0.35-5ubuntu0.1	UNKNOWN
ubuntu	11.10	noarch	tomcat7	< 7.0.21-1ubuntu0.1	UNKNOWN
ubuntu	12.04	noarch	tomcat7	< 7.0.26-1ubuntu1.2	UNKNOWN