5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
9.2 High
AI Score
Confidence
High
0.052 Low
EPSS
Percentile
93.0%
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO
connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not
properly restrict the request-header size, which allows remote attackers to
cause a denial of service (memory consumption) via a large amount of header
data.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | tomcat6 | < 6.0.24-2ubuntu1.11 | UNKNOWN |
ubuntu | 11.10 | noarch | tomcat6 | < 6.0.32-5ubuntu1.3 | UNKNOWN |
ubuntu | 12.04 | noarch | tomcat6 | < 6.0.35-1ubuntu3.1 | UNKNOWN |
ubuntu | 12.10 | noarch | tomcat6 | < 6.0.35-5ubuntu0.1 | UNKNOWN |
ubuntu | 11.10 | noarch | tomcat7 | < 7.0.21-1ubuntu0.1 | UNKNOWN |
ubuntu | 12.04 | noarch | tomcat7 | < 7.0.26-1ubuntu1.2 | UNKNOWN |