Upstream information
Description
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 5 |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SU-2013:0226-1, published Fri Feb 1 09:04:21 MST 2013
- openSUSE-SU-2012:1700-1, published Thu, 27 Dec 2012 17:08:34 +0100 (CET)
- openSUSE-SU-2012:1701-1, published Thu, 27 Dec 2012 17:09:46 +0100 (CET)
- openSUSE-SU-2013:0147-1, published Wed, 23 Jan 2013 14:05:42 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 |
| Patchnames: slessp2-tomcat6 |
| SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA tomcat6-6.0.18-20.35.40.1 |
| SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA tomcat6-6.0.41-0.43.1 |
SUSE Timeline for this CVE
CVE page created: Thu Jul 17 09:06:21 2014CVE page last modified: Mon Dec 12 17:43:44 2022
Run SAP
SUSE for Public Cloud
Security
