icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Apache Tomcat 7.0.x < 7.0.28 Header Parsing Remote Denial of Service

Medium

Synopsis

The remote web server is affected by a remote denial of service vulnerabily

Description

Versions of Tomcat 7.0.x earlier than 7.0.28 are potentially affected by a remote denial of service vulnerability:

- A flaw exists within the parseHeaders() function that could allow for a crafted header to cause a remote denial of service (CVE-2012-2733)

- An error exists related to the 'NIO' connector when HTTPS and 'sendfile' are enabled that can force the application into an infinite loop. (CVE-2012-4534)

Solution

Upgrade to Apache Tomcat 7.0.28 or later.