5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.012 Low
EPSS
Percentile
85.4%
Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce
the maxHttpHeaderSize limit for requests involving the NIO HTTP connector,
which allows remote attackers to cause a denial of service
(OutOfMemoryError) via a crafted request.