Upstream information
Description
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 2.6 |
Vector | AV:N/AC:H/Au:N/C:N/I:N/A:P |
Access Vector | Network |
Access Complexity | High |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | None |
Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SU-2013:0226-1, published Fri Feb 1 09:04:21 MST 2013 openSUSE-SU-2013:0161-1 openSUSE-SU-2013:0170-1 openSUSE-SU-2013:0192-1
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 |
| Patchnames: slessp2-tomcat6 |
SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA tomcat6-6.0.18-20.35.40.1 |
SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA tomcat6-6.0.41-0.43.1 |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 19:35:38 2013CVE page last modified: Thu Dec 7 13:05:43 2023