Lucene search

[email protected]NVD:CVE-2012-2733

HistoryNov 16, 2012 - 9:55 p.m.

CVE-2012-2733

2012-11-1621:55:01

CWE-20

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.9 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.0%

JSON

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Affected configurations

NVD

Node

apachetomcatMatch6.0

apachetomcatMatch6.0.0

apachetomcatMatch6.0.0alpha

apachetomcatMatch6.0.1

apachetomcatMatch6.0.1alpha

apachetomcatMatch6.0.2

apachetomcatMatch6.0.2alpha

apachetomcatMatch6.0.2beta

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.4alpha

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.6alpha

apachetomcatMatch6.0.7

apachetomcatMatch6.0.7alpha

apachetomcatMatch6.0.7beta

apachetomcatMatch6.0.8

apachetomcatMatch6.0.8alpha

apachetomcatMatch6.0.9

apachetomcatMatch6.0.9beta

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

apachetomcatMatch6.0.14

apachetomcatMatch6.0.15

apachetomcatMatch6.0.16

apachetomcatMatch6.0.17

apachetomcatMatch6.0.18

apachetomcatMatch6.0.19

apachetomcatMatch6.0.20

apachetomcatMatch6.0.24

apachetomcatMatch6.0.26

apachetomcatMatch6.0.27

apachetomcatMatch6.0.28

apachetomcatMatch6.0.29

apachetomcatMatch6.0.30

apachetomcatMatch6.0.31

apachetomcatMatch6.0.32

apachetomcatMatch6.0.33

apachetomcatMatch6.0.35

Node

apachetomcatMatch7.0.0

apachetomcatMatch7.0.0beta

apachetomcatMatch7.0.1

apachetomcatMatch7.0.2

apachetomcatMatch7.0.2beta

apachetomcatMatch7.0.3

apachetomcatMatch7.0.4

apachetomcatMatch7.0.4beta

apachetomcatMatch7.0.5

apachetomcatMatch7.0.6

apachetomcatMatch7.0.7

apachetomcatMatch7.0.8

apachetomcatMatch7.0.9

apachetomcatMatch7.0.10

apachetomcatMatch7.0.11

apachetomcatMatch7.0.12

apachetomcatMatch7.0.13

apachetomcatMatch7.0.14

apachetomcatMatch7.0.15

apachetomcatMatch7.0.16

apachetomcatMatch7.0.17

apachetomcatMatch7.0.18

apachetomcatMatch7.0.19

apachetomcatMatch7.0.20

apachetomcatMatch7.0.21

apachetomcatMatch7.0.22

apachetomcatMatch7.0.23

apachetomcatMatch7.0.25

References

lists.opensuse.org/opensuse-updates/2012-12/msg00089.html

lists.opensuse.org/opensuse-updates/2012-12/msg00090.html

lists.opensuse.org/opensuse-updates/2013-01/msg00037.html

marc.info/?l=bugtraq&m=136612293908376&w=2

marc.info/?l=bugtraq&m=139344343412337&w=2

secunia.com/advisories/51371

secunia.com/advisories/57126

svn.apache.org/viewvc?view=revision&revision=1350301

svn.apache.org/viewvc?view=revision&revision=1356208

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

www.securityfocus.com/bid/56402

www.securitytracker.com/id?1027729

www.ubuntu.com/usn/USN-1637-1

h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19218

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

8.9 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.0%

JSON

Related for NVD:CVE-2012-2733

freebsd1 ubuntucve1 nessus17 openvas16 prion1 cve1 debiancve1 veracode1 cvelist1 tomcat2 securityvulns2 ubuntu1 fedora1 redhat2 f51 atlassian3 debian1 osv1 vmware2 gentoo1 ibm2