Airlock protects Apache Tomcat against DoS

IDs: 
CVE-2012-2733
Keywords: 
tomcat, DOS, Header Length
Description: 

Versions affected:

- Apache Tomcat 7.0.0 to 7.0.27
- Apache Tomcat 6.0.0 to 6.0.35

Description:

The checks that limited the permitted size of request headers were implemented too late in the request parsing process in the HTTP NIO connector of Apache Tomcat. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large headers.

Resolution: 

Airlock protects applications by checking the length of the HTTP headers before they are propagated to Back-end servers or Add-on Modules. No action is needed.
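The difference between testing the header size after buffering and testing it while reading, as an added sketch that is not Airlock or Tomcat code. The 8192-byte limit, the 4096-byte read size, the function names and the sample requests are assumptions constructed for illustration.

```python
import io

MAX_HEADER_BYTES = 8192  # assumed limit for this example
CHUNK = 4096             # assumed size of one socket read
END = b"\r\n\r\n"        # blank line that terminates the header block

def late_check(stream, limit=MAX_HEADER_BYTES):
    """Flawed order: buffer up to the terminator, then test the size."""
    buf = bytearray()
    while END not in buf:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        buf += chunk  # grows with whatever the client sends
    end = buf.find(END)
    accepted = end != -1 and end + len(END) <= limit
    return accepted, len(buf)  # (verdict, bytes held in memory)

def early_check(stream, limit=MAX_HEADER_BYTES):
    """Gateway order: never hold more than `limit` bytes of headers."""
    buf = bytearray()
    while END not in buf:
        room = limit - len(buf)
        if room <= 0:
            return False, len(buf)  # reject without reading further
        chunk = stream.read(min(CHUNK, room))
        if not chunk:
            return False, len(buf)  # truncated request
        buf += chunk
    return True, len(buf)

# Constructed sample requests (in-memory only, no network).
NORMAL = b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n"
OVERSIZED = (b"GET / HTTP/1.1\r\nHost: app.example\r\nX-Pad: "
             + b"a" * 1_000_000 + END)

def compare(request):
    """Run both readers over the same bytes."""
    return late_check(io.BytesIO(request)), early_check(io.BytesIO(request))

if __name__ == "__main__":
    for name, req in (("normal", NORMAL), ("oversized", OVERSIZED)):
        late, early = compare(req)
        print(f"{name}: late={late} early={early}")
```

Both readers reject the oversized request, but the late check has already buffered all of it by then, while the early check never holds more than the limit.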

Component: 
Airlock
Airlock Vulnerability Status: 
No action required
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock