FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

tomcat -- Denial of Service

Affected packages
6.0.0 < tomcat < 6.0.36
7.0.0 < tomcat < 7.0.28

Details

VuXML ID 4ca26574-2a2c-11e2-99c7-00a0d181e71d
Discovery 2012-11-05
Entry 2012-11-08
Modified 2012-11-09

The Apache Software Foundation reports:

The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers. This issue was identified by Josh Spiewak.
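The failure mode in the report above, as a simplified Python model added here for illustration. It is not Tomcat's code: the 8192-byte limit, the function names and the sample request are assumptions constructed for this example.

```python
MAX_HEADER_BYTES = 8192          # assumed limit for this example
END_OF_HEADERS = b"\r\n\r\n"


class HeaderTooLarge(Exception):
    def __init__(self, buffered):
        super().__init__(f"header block over limit; {buffered} bytes were buffered")
        self.buffered = buffered  # how much memory the reader held when it refused


def read_headers_late_check(chunks, limit=MAX_HEADER_BYTES):
    """Flawed pattern: buffer until the terminator arrives, then check the size."""
    buf = bytearray()
    for chunk in chunks:
        buf += chunk                      # grows as far as the sender likes
        end = buf.find(END_OF_HEADERS)
        if end != -1:
            if end > limit:               # too late: it is all in memory already
                raise HeaderTooLarge(len(buf))
            return bytes(buf[:end])
    raise ValueError("connection closed before end of headers")


def read_headers_early_check(chunks, limit=MAX_HEADER_BYTES):
    """Corrected pattern: enforce the limit while reading, before buffering more."""
    cap = limit + len(END_OF_HEADERS)
    buf = bytearray()
    for chunk in chunks:
        buf += chunk[: cap - len(buf)]    # never hold more than cap bytes
        end = buf.find(END_OF_HEADERS)    # (body bytes are ignored in this model)
        if end != -1:
            return bytes(buf[:end])
        if len(buf) >= cap:
            raise HeaderTooLarge(len(buf))
    raise ValueError("connection closed before end of headers")


def constructed_request(value_len, chunk_size=4096):
    """Constructed sample input: one request with a single padded header."""
    raw = b"GET / HTTP/1.1\r\nX-Pad: " + b"A" * value_len + END_OF_HEADERS
    return [raw[i:i + chunk_size] for i in range(0, len(raw), chunk_size)]


if __name__ == "__main__":
    for reader in (read_headers_late_check, read_headers_early_check):
        try:
            reader(constructed_request(1024 * 1024))
        except HeaderTooLarge as exc:
            print(f"{reader.__name__}: refused after buffering {exc.buffered} bytes")
```

Both readers reject the oversized request; the difference is how much memory each holds when it does so, which is the resource the advisory is about.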

References

CVE Name CVE-2012-2733
URL http://tomcat.apache.org/security-6.html
URL http://tomcat.apache.org/security-7.html
URL http://tomcat.apache.org/security.html