Upstream information
Description
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 5 |
Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SU-2013:0226-1, published Fri Feb 1 09:04:21 MST 2013 openSUSE-SU-2012:1700-1 openSUSE-SU-2012:1701-1 openSUSE-SU-2013:0147-1
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 |
| Patchnames: slessp2-tomcat6 |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA tomcat6-6.0.18-20.35.40.1 |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA tomcat6-6.0.41-0.43.1 |
SUSE Timeline for this CVE
CVE page created: Thu Jul 17 09:06:21 2014CVE page last modified: Thu Dec 7 13:05:34 2023