CVE-2012-2733

Publication date 16 November 2012

Last updated 24 July 2024


Ubuntu priority

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
tomcat6 13.04 raring
Not affected
12.10 quantal
Fixed 6.0.35-5ubuntu0.1
12.04 LTS precise
Fixed 6.0.35-1ubuntu3.1
11.10 oneiric
Fixed 6.0.32-5ubuntu1.3
10.04 LTS lucid
Fixed 6.0.24-2ubuntu1.11
8.04 LTS hardy Not in release
tomcat7 13.04 raring
Not affected
12.10 quantal
Not affected
12.04 LTS precise
Fixed 7.0.26-1ubuntu1.2
11.10 oneiric
Fixed 7.0.21-1ubuntu0.1
10.04 LTS lucid Not in release
8.04 LTS hardy Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
tomcat6
tomcat7

References

Related Ubuntu Security Notices (USN)

    • USN-1637-1
    • Tomcat vulnerabilities
    • 21 November 2012

Other references