PT-2012-4222 · Apache · Apache Tomcat
Josh Spiewak · Published 2012-10-19 · Updated 2017-09-19
CVE-2012-2733
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 6.0.0 through 6.0.35
Apache Tomcat versions 7.0.0 through 7.0.27
Description
The issue lies in the HTTP NIO connector, which does not properly restrict the size of request headers. This allows a remote attacker to cause a denial of service by consuming memory with a large amount of header data. The checks that limit the permitted size of request headers were applied too late in the request parsing process, so a malicious client could trigger an OutOfMemoryError with a single request carrying very large headers.
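The ordering problem the description refers to, as an added illustration that is not Tomcat's own code: a header reader that checks the size only after buffering the whole block, beside one that enforces the limit on every read so the buffer stays bounded whatever the client sends. The byte limit and the constructed request are assumptions for this example.

```python
import io

MAX_HEADER_BYTES = 8192  # constructed limit for this illustration, not a value from the advisory
CHUNK = 1024             # bytes pulled from the socket per read

def _split_headers(raw: bytes) -> dict:
    """Turn a CRLF-delimited header block into a lower-cased name -> value dict."""
    headers = {}
    for line in raw.decode("latin-1").split("\r\n"):
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers

def read_headers_late_check(stream, limit=MAX_HEADER_BYTES) -> dict:
    """Defect pattern: buffer the entire header block, then compare it with the limit.
    The buffer has already grown to whatever size the client chose before the check runs."""
    buf = bytearray()
    while not buf.endswith(b"\r\n\r\n"):
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        buf.extend(chunk)
    ok = len(buf) <= limit
    return {"ok": ok, "peak": len(buf), "headers": _split_headers(bytes(buf)) if ok else {}}

def read_headers_early_check(stream, limit=MAX_HEADER_BYTES) -> dict:
    """Corrected pattern: never read past the limit and reject as soon as it is exceeded,
    so the buffer is bounded by limit + 1 bytes regardless of what the client sends."""
    buf = bytearray()
    while not buf.endswith(b"\r\n\r\n"):
        chunk = stream.read(min(CHUNK, limit + 1 - len(buf)))
        if not chunk:
            break
        buf.extend(chunk)
        if len(buf) > limit:
            return {"ok": False, "peak": len(buf), "headers": {}}
    return {"ok": True, "peak": len(buf), "headers": _split_headers(bytes(buf))}

def compare(header_bytes: int) -> tuple:
    """Feed one constructed request whose header block is about header_bytes long
    to both readers and return (late_result, early_result)."""
    req = b"GET / HTTP/1.1\r\nHost: example.test\r\n"
    while len(req) < header_bytes:
        req += b"X-Pad: " + b"a" * 70 + b"\r\n"
    req += b"\r\n"
    return read_headers_late_check(io.BytesIO(req)), read_headers_early_check(io.BytesIO(req))
```

Calling compare(200_000) shows the late reader holding the full 200 KB before rejecting, while the early reader never buffers more than MAX_HEADER_BYTES + 1; a well-formed small request parses identically in both.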
Recommendations
For Apache Tomcat versions 6.0.0 through 6.0.35, update to version 6.0.36 or later.
For Apache Tomcat versions 7.0.0 through 7.0.27, update to version 7.0.28 or later.
Affected Products
Apache Tomcat
HP-UX
SUSE