exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2012-2733

Status Candidate

Overview

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Related Files

Gentoo Linux Security Advisory 201412-29
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-29 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Versions less than 7.0.56 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2733, CVE-2012-3544, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887, CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0050, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
SHA-256 | 812d31eb8958cb4cc614f89b209201bd059c54668a58d0182c6f4a98085d268e
HP Security Bulletin HPSBMU02873 SSRT101182
Posted Apr 30, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBMU02873 SSRT101182 - Several potential security vulnerabilities have been identified with HP Service Manager for Windows, Linux, HP-UX, Solaris and AIX. The Apache Tomcat environment has been updated to correct these issues. Revision 1 of this advisory.

tags | advisory, vulnerability
systems | linux, windows, solaris, aix, hpux
advisories | CVE-2012-2733, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534
SHA-256 | 3a9a3d4a425cbd20923f80d24ed414a8a63ec3c97cce49d888efcf082ada17c7
HP Security Bulletin HPSBUX02866 SSRT101139
Posted Apr 16, 2013
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX02866 SSRT101139 - Potential security vulnerabilities have been identified with HP-UX Running Apache. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or to execute arbitrary code and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, denial of service, arbitrary, vulnerability
systems | hpux
advisories | CVE-2007-6750, CVE-2012-2687, CVE-2012-2733, CVE-2012-3499, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-4557, CVE-2012-4558, CVE-2012-4929, CVE-2012-5885
SHA-256 | d6c34385da1a0269af4fc2c91e93b32c176acbb9b42ae7cafb46c63ea03bc087
Red Hat Security Advisory 2013-0266-01
Posted Feb 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0266-01 - Apache Tomcat is a servlet container. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO connector and HTTPS. A remote attacker could use this flaw to cause a denial of service. The HTTP NIO connector is used by default in JBoss Enterprise Web Server. The Apache Portable Runtime connector from the Tomcat Native library was not affected by this flaw.

tags | advisory, remote, web, denial of service, csrf
systems | linux, redhat
advisories | CVE-2012-2733, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 838e0b0453161e876d6ad39703ceea8e53d3dc5c7776541bd1681cd631c9061c
Red Hat Security Advisory 2013-0265-01
Posted Feb 19, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0265-01 - Apache Tomcat is a servlet container. It was found that sending a request without a session identifier to a protected resource could bypass the Cross-Site Request Forgery prevention filter. A remote attacker could use this flaw to perform CSRF attacks against applications that rely on the CSRF prevention filter and do not contain internal mitigation for CSRF. A flaw was found in the way Tomcat handled sendfile operations when using the HTTP NIO connector and HTTPS. A remote attacker could use this flaw to cause a denial of service. The HTTP NIO connector is used by default in JBoss Enterprise Web Server. The Apache Portable Runtime connector from the Tomcat Native library was not affected by this flaw.

tags | advisory, remote, web, denial of service, csrf
systems | linux, redhat
advisories | CVE-2012-2733, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 6511b80f8afd37774dceb238e867e6df16dccae6e5a11cbab1bec49a8584d7f2
Ubuntu Security Notice USN-1637-1
Posted Nov 21, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1637-1 - It was discovered that the Apache Tomcat HTTP NIO connector incorrectly handled header data. A remote attacker could cause a denial of service by sending requests with a large amount of header data. It was discovered that Apache Tomcat incorrectly handled DIGEST authentication. A remote attacker could possibly use these flaws to perform a replay attack and bypass authentication. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2012-2733, CVE-2012-5887, CVE-2012-2733, CVE-2012-3439, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887
SHA-256 | 6864ba7f5f6a718c9e0112e11cec496ec671ff32f21f776d4ab22411b5416b9c
Apache Tomcat 6.x / 7.x Denial Of Service
Posted Nov 6, 2012
Authored by Mark Thomas, Josh Spiewak | Site tomcat.apache.org

Apache Tomcat suffers from a denial of service vulnerability. The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers. Tomcat versions 6.0.0 through 6.0.34 and 7.0.0 through 7.0.27 are affected.

tags | advisory, web, denial of service
advisories | CVE-2012-2733
SHA-256 | 4b381434f76f5509cd4b1e048e50886bad81c0880d9575db95a7a732d9839225
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close