Dmitry Kukushkin

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat versions 6.0.0 through 6.0.35 Apache Tomcat versions 7.0.0 through 7.0.27 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop. This occurs when the NIO connector is used in conjunction with sendfile and HTTPS, and the connection is terminated during the reading of a response. **Recommendations** For Apache Tomcat versions 6.0.0 through 6.0.35, update to version 6.0.36 or later. For Apache Tomcat versions 7.0.0 through 7.0.27, update to version 7.0.28 or later.