Test ID:	1.3.6.1.4.1.25623.1.0.147032
Category:	Web Servers
Title:	Apache Tomcat 7.x < 7.0.28 Multiple Vulnerabilities (Jun 2012) - Linux
Summary:	Apache Tomcat is prone to multiple vulnerabilities.
Description:	Summary: Apache Tomcat is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - CVE-2012-2733: The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers. - CVE-2012-4534: When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response an infinite loop is entered leading to a denial of service. Affected Software/OS: Apache Tomcat version 7.0.x through 7.0.27. Solution: Update to version 7.0.28 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2733 BugTraq ID: 56402 http://www.securityfocus.com/bid/56402 HPdes Security Advisory: HPSBMU02873 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878 HPdes Security Advisory: HPSBST02955 http://marc.info/?l=bugtraq&m=139344343412337&w=2 HPdes Security Advisory: HPSBUX02866 http://marc.info/?l=bugtraq&m=136612293908376&w=2 HPdes Security Advisory: SSRT101139 HPdes Security Advisory: SSRT101182 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19218 http://www.securitytracker.com/id?1027729 http://secunia.com/advisories/51371 http://secunia.com/advisories/57126 SuSE Security Announcement: openSUSE-SU-2012:1700 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html SuSE Security Announcement: openSUSE-SU-2012:1701 (Google Search) http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html SuSE Security Announcement: openSUSE-SU-2013:0147 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://www.ubuntu.com/usn/USN-1637-1 Common Vulnerability Exposure (CVE) ID: CVE-2012-4534 1027836 http://www.securitytracker.com/id?1027836 20121204 CVE-2012-4534 Apache Tomcat denial of service http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html 56813 http://www.securityfocus.com/bid/56813 57126 HPSBMU02873 HPSBST02955 HPSBUX02866 RHSA-2013:0623 http://rhn.redhat.com/errata/RHSA-2013-0623.html SSRT101139 SSRT101182 USN-1685-1 http://www.ubuntu.com/usn/USN-1685-1 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218 http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218 http://svn.apache.org/viewvc?view=revision&revision=1340218 http://tomcat.apache.org/security-6.html http://tomcat.apache.org/security-7.html https://issues.apache.org/bugzilla/show_bug.cgi?id=52858 openSUSE-SU-2013:0161 http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html openSUSE-SU-2013:0170 http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html openSUSE-SU-2013:0192 http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html oval:org.mitre.oval:def:19398 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.