Versions affected:
- Apache Tomcat 7.0.0 to 7.0.27
- Apache Tomcat 6.0.0 to 6.0.35
Description:
The checks that limited the permitted size of request headers were implemented too late in the request parsing process in the HTTP NIO connector of Apache Tomcat. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers.
Airlock protects applications by checking the length of the HTTP headers before they are propagated to back-end servers or add-on modules. No action is needed.
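The defect described above is one of ordering: the limit exists, but is applied only after the whole header block has been buffered. The following added example (not Tomcat's or Airlock's code) contrasts that late check with one enforced while reading; MAX_HEADER_BYTES, MeteredStream and the sample request are constructed for the example.

```python
import io

MAX_HEADER_BYTES = 8192  # assumed cap on a request's header block (constructed value)


class HeaderTooLarge(Exception):
    """Raised when a request's header block exceeds the permitted size."""


class MeteredStream:
    """Byte stream that counts what the parser pulled in, to compare memory exposure."""

    def __init__(self, data):
        self._buf = io.BytesIO(data)
        self.consumed = 0

    def readline(self, size=-1):
        line = self._buf.readline(size)
        self.consumed += len(line)
        return line


def read_headers_late_check(stream, limit=MAX_HEADER_BYTES):
    """Flawed ordering: buffer the entire header block, then compare it to the limit.
    Memory held is bounded only by what the client sends."""
    buf = bytearray()
    while True:
        line = stream.readline()
        if not line or line in (b"\r\n", b"\n"):
            break
        buf += line
    if len(buf) > limit:
        raise HeaderTooLarge(len(buf))
    return bytes(buf)


def read_headers_early_check(stream, limit=MAX_HEADER_BYTES):
    """Correct ordering: enforce the limit as bytes arrive, so at most limit+1
    bytes of header data are ever held, however large the request is."""
    buf = bytearray()
    while True:
        line = stream.readline(limit - len(buf) + 1)  # never read past the budget
        if not line or line in (b"\r\n", b"\n"):
            break
        buf += line
        if len(buf) > limit:
            raise HeaderTooLarge(len(buf))
    return bytes(buf)


def oversized_request(pad_len):
    """Constructed sample: one GET whose single header value is pad_len bytes long."""
    return b"GET / HTTP/1.1\r\nX-Pad: " + b"a" * pad_len + b"\r\n\r\n"


def probe(parser, data, limit=MAX_HEADER_BYTES):
    """Return (rejected, bytes_consumed) for running parser over data."""
    stream = MeteredStream(data)
    try:
        parser(stream, limit)
        return False, stream.consumed
    except HeaderTooLarge:
        return True, stream.consumed
```

Both parsers reject the oversized request, but only the early check does so before consuming more than the configured budget, which is the difference between a bounded rejection and an OutOfMemoryError.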