CVE-2012-2733

2012-11-1600:00:00

ubuntu.com

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

9.2 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.0%

JSON

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO
connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not
properly restrict the request-header size, which allows remote attackers to
cause a denial of service (memory consumption) via a large amount of header
data.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692440 (tomcat7)>
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692439 (tomcat6)>

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchtomcat6< 6.0.24-2ubuntu1.11UNKNOWN
ubuntu11.10noarchtomcat6< 6.0.32-5ubuntu1.3UNKNOWN
ubuntu12.04noarchtomcat6< 6.0.35-1ubuntu3.1UNKNOWN
ubuntu12.10noarchtomcat6< 6.0.35-5ubuntu0.1UNKNOWN
ubuntu11.10noarchtomcat7< 7.0.21-1ubuntu0.1UNKNOWN
ubuntu12.04noarchtomcat7< 7.0.26-1ubuntu1.2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	tomcat6	< 6.0.24-2ubuntu1.11	UNKNOWN
ubuntu	11.10	noarch	tomcat6	< 6.0.32-5ubuntu1.3	UNKNOWN
ubuntu	12.04	noarch	tomcat6	< 6.0.35-1ubuntu3.1	UNKNOWN
ubuntu	12.10	noarch	tomcat6	< 6.0.35-5ubuntu0.1	UNKNOWN
ubuntu	11.10	noarch	tomcat7	< 7.0.21-1ubuntu0.1	UNKNOWN
ubuntu	12.04	noarch	tomcat7	< 7.0.26-1ubuntu1.2	UNKNOWN