Lucene search
SecurityvulnsSECURITYVULNS:DOC:28802HistoryDec 07, 2012 - 12:00 a.m.
CVE-2012-4534 Apache Tomcat denial of service
2012-12-0700:00:00
vulners.com
75
CVE-2012-4534 Apache Tomcat denial of service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.27
- Tomcat 6.0.0 to 6.0.35
Description:
When using the NIO connector with sendfile and HTTPS enabled, if a
client breaks the connection while reading the response an infinite loop
is entered leading to a denial of service. This was originally reported
as https://issues.apache.org/bugzilla/show_bug.cgi?id=52858.
Mitigation:
Users of affected versions should apply one of the following mitigations:
- Tomcat 7.0.x users should upgrade to 7.0.28 or later
- Tomcat 6.0.x users should upgrade to 6.0.36 or later
Credit:
The security implications of this bug were identified by Arun Neelicattu
of the Red Hat Security Response Team.
References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
Related
checkpoint_advisories
checkpoint_advisories
Apache Tomcat NIO Connector Denial of Service (CVE-2012-4534)
2013-01-14 00:00:00
nessus
nessus
FreeBSD : tomcat -- denial of service (134acaa2-51ef-11e2-8e34-0022156e8794)
2012-12-31 00:00:00
openSUSE Security Update : tomcat (openSUSE-SU-2013:0170-1)
2014-06-13 00:00:00
Apache Tomcat 7.0.x < 7.0.28 Header Parsing Remote Denial of Service
2012-11-26 00:00:00
debiancve
debiancve
CVE-2012-4534
2012-12-19 11:55:00
cve
cve
CVE-2012-4534
2012-12-19 11:55:00
prion
prion
Design/Logic Flaw
2012-12-19 11:55:00
ubuntucve
ubuntucve
CVE-2012-4534
2012-12-19 00:00:00
freebsd
freebsd
tomcat -- denial of service
2012-12-04 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 7.0.28
2012-06-19 00:00:00
Fixed in Apache Tomcat 6.0.36
2012-10-19 00:00:00
openvas
openvas
Apache Tomcat 7.x < 7.0.28 Multiple Vulnerabilities (Jun 2012) - Linux
2021-10-29 00:00:00
Ubuntu Update for tomcat7 USN-1685-1
2013-01-15 00:00:00
VMware Security Updates for vCenter Server (VMSA-2013-0006)
2014-01-09 00:00:00
thn
thn
Apache Tomcat Multiple Critical Vulnerabilities
2012-12-05 06:45:00
Apache Tomcat Multiple Critical Vulnerabilities
2012-12-05 17:45:00
ubuntu
ubuntu
Tomcat vulnerabilities
2013-01-14 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2012-12-07 00:00:00
redhat
redhat
(RHSA-2013:0623) Important: tomcat6 security update
2013-03-11 00:00:00
(RHSA-2013:0265) Moderate: tomcat6 security update
2013-02-19 20:28:50
(RHSA-2013:0266) Moderate: tomcat6 security update
2013-02-19 20:29:27
centos
centos
tomcat6 security update
2013-03-12 05:31:44
fedora
fedora
[SECURITY] Fedora 16 Update: tomcat-7.0.33-1.fc16
2012-12-19 08:29:53
oraclelinux
oraclelinux
tomcat6 security update
2013-03-11 00:00:00
f5
f5
K20038622 : Multiple Apache Tomcat vulnerabilities
2020-08-06 00:00:00
atlassian
atlassian
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
debian
debian
[SECURITY] [DSA 2725-1] tomcat6 security update
2013-07-18 17:58:50
osv
osv
tomcat6 - several
2013-07-18 00:00:00
vmware
vmware
VMware security updates for vCenter Server
2013-04-25 00:00:00
VMware security updates for vCenter Server
2013-04-25 00:00:00
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
Related for SECURITYVULNS:DOC:28802