CVE-2012-2733

Priority
Description
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO
connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not
properly restrict the request-header size, which allows remote attackers to
cause a denial of service (memory consumption) via a large amount of header
data.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (6.0.35-5+nmu1)
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1356208
Package
Upstream:released (7.0.28-1)
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1350301
More Information

Updated: 2019-12-05 20:59:21 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)