Back to search
CVE-2012-2733
Published: Nov 16, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
SSRT101139
vendor-advisory
x_refsource_HP
51371
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2012:1700
vendor-advisory
x_refsource_SUSE
oval:org.mitre.oval:def:19218
vdb-entry
signature
x_refsource_OVAL
USN-1637-1
vendor-advisory
x_refsource_UBUNTU
SSRT101182
vendor-advisory
x_refsource_HP
http://tomcat.apache.org/security-7.html
x_refsource_CONFIRM
HPSBMU02873
vendor-advisory
x_refsource_HP
56402
vdb-entry
x_refsource_BID
http://svn.apache.org/viewvc?view=revision&revision=1356208
x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html
x_refsource_CONFIRM
57126
third-party-advisory
x_refsource_SECUNIA
openSUSE-SU-2013:0147
vendor-advisory
x_refsource_SUSE
HPSBUX02866
vendor-advisory
x_refsource_HP
HPSBST02955
vendor-advisory
x_refsource_HP
openSUSE-SU-2012:1701
vendor-advisory
x_refsource_SUSE
http://svn.apache.org/viewvc?view=revision&revision=1350301
x_refsource_CONFIRM
1027729
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now