Upstream information
Description
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 2.6 |
| Vector | AV:N/AC:H/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SU-2013:0226-1, published Fri Feb 1 09:04:21 MST 2013
- openSUSE-SU-2013:0161-1, published Wed, 23 Jan 2013 14:06:32 +0100 (CET)
- openSUSE-SU-2013:0170-1, published Wed, 23 Jan 2013 14:06:54 +0100 (CET)
- openSUSE-SU-2013:0192-1, published Wed, 23 Jan 2013 20:04:50 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Server for SAP Applications 11 SP2 |
| Patchnames: slessp2-tomcat6 |
| SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA tomcat6-6.0.18-20.35.40.1 |
| SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA tomcat6-6.0.41-0.43.1 |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 19:35:38 2013CVE page last modified: Mon Dec 12 17:44:10 2022
Run SAP
SUSE for Public Cloud
Security
