Apache Tomcat Denial Of Service Vulnerability (CVE-2012-2733)
Gravité: : Medium
Identifiant(s) CVE: : CVE-2012-2733
Date du conseil: 21 juillet 2015
Description
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1000131
Trend Micro Deep Security DPI Rule Name: 1000131 - HTTP Header Length Restriction
Affected software and version:
- apache tomcat 6.0
- apache tomcat 6.0.0
- apache tomcat 6.0.1
- apache tomcat 6.0.10
- apache tomcat 6.0.11
- apache tomcat 6.0.12
- apache tomcat 6.0.13
- apache tomcat 6.0.14
- apache tomcat 6.0.15
- apache tomcat 6.0.16
- apache tomcat 6.0.17
- apache tomcat 6.0.18
- apache tomcat 6.0.19
- apache tomcat 6.0.2
- apache tomcat 6.0.20
- apache tomcat 6.0.24
- apache tomcat 6.0.26
- apache tomcat 6.0.27
- apache tomcat 6.0.28
- apache tomcat 6.0.29
- apache tomcat 6.0.3
- apache tomcat 6.0.30
- apache tomcat 6.0.31
- apache tomcat 6.0.32
- apache tomcat 6.0.33
- apache tomcat 6.0.35
- apache tomcat 6.0.4
- apache tomcat 6.0.5
- apache tomcat 6.0.6
- apache tomcat 6.0.7
- apache tomcat 6.0.8
- apache tomcat 6.0.9
- apache tomcat 7.0.0
- apache tomcat 7.0.1
- apache tomcat 7.0.10
- apache tomcat 7.0.11
- apache tomcat 7.0.12
- apache tomcat 7.0.13
- apache tomcat 7.0.14
- apache tomcat 7.0.15
- apache tomcat 7.0.16
- apache tomcat 7.0.17
- apache tomcat 7.0.18
- apache tomcat 7.0.19
- apache tomcat 7.0.2
- apache tomcat 7.0.20
- apache tomcat 7.0.21
- apache tomcat 7.0.22
- apache tomcat 7.0.23
- apache tomcat 7.0.25
- apache tomcat 7.0.3
- apache tomcat 7.0.4
- apache tomcat 7.0.5
- apache tomcat 7.0.6
- apache tomcat 7.0.7
- apache tomcat 7.0.8
- apache tomcat 7.0.9