PT-2012-5465 · Apache+4 · Apache Tomcat+4

Dmitry Kukushkin

Publicado

2012-10-19

Atualizado

2017-09-19

CVE-2012-4534

CVSS v2.0

2.6

Baixa

Vetor

AV:N/AC:H/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 6.0.0 through 6.0.35 Apache Tomcat versions 7.0.0 through 7.0.27

Description The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This occurs when the NIO connector is used in conjunction with sendfile and HTTPS, and the connection is terminated during the reading of a response.

Recommendations For Apache Tomcat versions 6.0.0 through 6.0.35, update to version 6.0.36 or later. For Apache Tomcat versions 7.0.0 through 7.0.27, update to version 7.0.28 or later.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

CESA-2013_0623

CVE-2012-4534

HPSBUX02866

RHSA-2013:0266

RHSA-2013:0623

RHSA-2013_0623

Produtos afetados

Apache Tomcat

Centos

Hp-Ux

Red Hat

Suse

PT-2012-5465 · Apache+4 · Apache Tomcat+4

CVE-2012-4534

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 53