Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:APACHE:APACHE-NIO-DOS |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Tomcat NIO Connector Denial of Service |
Release Date |
2014/08/11 |
Update Number |
2407 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apache Tomcat NIO Connector Denial of Service
This signature detects attempts to exploit a known flaw in Apache Tomcat. The vulnerability is due to an infinite loop in NIO Connector when a client breaks the connection in the middle of reading the response for a request to a big file. An unauthenticated, remote attacker can exploit this vulnerability by sending HTTP requests for a large file and disconnecting from the server while reading the file. Successful exploitation could result in a denial of service condition.
Extended Description
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
Affected Products
- Apache tomcat 6.0
- Apache tomcat 6.0.0
- Apache tomcat 6.0.1
- Apache tomcat 6.0.10
- Apache tomcat 6.0.11
- Apache tomcat 6.0.12
- Apache tomcat 6.0.13
- Apache tomcat 6.0.14
- Apache tomcat 6.0.15
- Apache tomcat 6.0.16
- Apache tomcat 6.0.17
- Apache tomcat 6.0.18
- Apache tomcat 6.0.19
- Apache tomcat 6.0.2
- Apache tomcat 6.0.20
- Apache tomcat 6.0.24
- Apache tomcat 6.0.26
- Apache tomcat 6.0.27
- Apache tomcat 6.0.28
- Apache tomcat 6.0.29
- Apache tomcat 6.0.3
- Apache tomcat 6.0.30
- Apache tomcat 6.0.31
- Apache tomcat 6.0.32
- Apache tomcat 6.0.33
- Apache tomcat 6.0.35
- Apache tomcat 6.0.4
- Apache tomcat 6.0.5
- Apache tomcat 6.0.6
- Apache tomcat 6.0.7
- Apache tomcat 6.0.8
- Apache tomcat 6.0.9
- Apache tomcat 7.0.0
- Apache tomcat 7.0.1
- Apache tomcat 7.0.10
- Apache tomcat 7.0.11
- Apache tomcat 7.0.12
- Apache tomcat 7.0.13
- Apache tomcat 7.0.14
- Apache tomcat 7.0.15
- Apache tomcat 7.0.16
- Apache tomcat 7.0.17
- Apache tomcat 7.0.18
- Apache tomcat 7.0.19
- Apache tomcat 7.0.2
- Apache tomcat 7.0.20
- Apache tomcat 7.0.21
- Apache tomcat 7.0.22
- Apache tomcat 7.0.23
- Apache tomcat 7.0.25
- Apache tomcat 7.0.3
- Apache tomcat 7.0.4
- Apache tomcat 7.0.5
- Apache tomcat 7.0.6
- Apache tomcat 7.0.7
- Apache tomcat 7.0.8
- Apache tomcat 7.0.9
References
- CVE: CVE-2012-4534