CVE-2012-4534 Apache Tomcat denial of service
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Description:
When using the NIO connector with sendfile and HTTPS enabled, if a
client breaks the connection while reading the response an infinite loop
is entered leading to a denial of service. This was originally reported
as https://issues.apache.org/bugzilla/show_bug.cgi?id=52858.
Mitigation:
Users of affected versions should apply one of the following mitigations:
Credit:
The security implications of this bug were identified by Arun Neelicattu
of the Red Hat Security Response Team.
References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html