5
CVE-2012-2733
- EPSS 8.74%
- Veröffentlicht 16.11.2012 21:55:01
- Zuletzt bearbeitet 16.06.2026 23:41:59
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.74% | 0.945 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://tomcat.apache.org/security-6.html
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://secunia.com/advisories/57126
http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html
http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html
http://tomcat.apache.org/security-7.html
http://marc.info/?l=bugtraq&m=136612293908376&w=2
http://secunia.com/advisories/51371
http://svn.apache.org/viewvc?view=revision&revision=1350301
http://svn.apache.org/viewvc?view=revision&revision=1356208
http://www.securityfocus.com/bid/56402
http://www.securitytracker.com/id?1027729
http://www.ubuntu.com/usn/USN-1637-1
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19218