ignore security and it'll go away
Showing 1 - 7 of 7 RSS Feed

CVE-2012-2733

Status Candidate

Overview

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Related Files

Gentoo Linux Security Advisory 201412-29
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-29 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Versions less than 7.0.56 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2733, CVE-2012-3544, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887, CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0050, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
MD5 | 647b25de46b1c32b73686dc16ad0f07c
HP Security Bulletin HPSBMU02873 SSRT101182
Posted Apr 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02873 SSRT101182 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Apache Tomcat environment has been updated to correct these issues. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2012-2733, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534
MD5 | 134f8575c9609064436934f44a5277bd
HP Security Bulletin HPSBUX02866 SSRT101139
Posted Apr 16, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02866 SSRT101139 - Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-6750, CVE-2012-2687, CVE-2012-2733, CVE-2012-3499, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-4557, CVE-2012-4558, CVE-2012-4929, CVE-2012-5885
MD5 | 68b2f8bb3e9e36c2788256913e850100
Red Hat Security Advisory 2013-0266-01
Posted Feb 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0266-01 - Apache Tomcat is a servlet container. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO connector and HTTPS. A remote attacker could use this flaw to cause a denial of service. The HTTP NIO connector is used by default in JBoss Enterprise Web Server. The Apache Portable Runtime connector from the Tomcat Native library was not affected by this flaw.

tags | advisory, remote, web, denial of service, csrf
systems | linux, redhat
advisories | CVE-2012-2733, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
MD5 | f2ec6e42bff6b2ed527b7804dae83c4c
Red Hat Security Advisory 2013-0265-01
Posted Feb 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0265-01 - Apache Tomcat is a servlet container. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO connector and HTTPS. A remote attacker could use this flaw to cause a denial of service. The HTTP NIO connector is used by default in JBoss Enterprise Web Server. The Apache Portable Runtime connector from the Tomcat Native library was not affected by this flaw.

tags | advisory, remote, web, denial of service, csrf
systems | linux, redhat
advisories | CVE-2012-2733, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
MD5 | e333832ab590be95e27fafb7609e8988
Ubuntu Security Notice USN-1637-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1637-1 - It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to perform a replay attack and bypass authentication. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2733, CVE-2012-5887, CVE-2012-2733, CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
MD5 | 1119cc2f60938e86be74803b468d8e20
Apache Tomcat 6.x / 7.x Denial Of Service
Posted Nov 6, 2012
Authored by Mark Thomas, Josh Spiewak | Site tomcat.apache.org

Apache Tomcat suffers from a denial of service vulnerability. The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers. Tomcat versions 6.0.0 through 6.0.34 and 7.0.0 through 7.0.27 are affected.

tags | advisory, web, denial of service
advisories | CVE-2012-2733
MD5 | ed8ee85cd88703bc7c41431f7a4fa2e1
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    6 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close