CVE-2012-2733
Publication date 16 November 2012
Last updated 24 July 2024
Ubuntu priority
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
Status
Package | Ubuntu Release | Status |
---|---|---|
tomcat6 | 13.04 raring |
Not affected
|
12.10 quantal |
Fixed 6.0.35-5ubuntu0.1
|
|
12.04 LTS precise |
Fixed 6.0.35-1ubuntu3.1
|
|
11.10 oneiric |
Fixed 6.0.32-5ubuntu1.3
|
|
10.04 LTS lucid |
Fixed 6.0.24-2ubuntu1.11
|
|
8.04 LTS hardy | Not in release | |
tomcat7 | 13.04 raring |
Not affected
|
12.10 quantal |
Not affected
|
|
12.04 LTS precise |
Fixed 7.0.26-1ubuntu1.2
|
|
11.10 oneiric |
Fixed 7.0.21-1ubuntu0.1
|
|
10.04 LTS lucid | Not in release | |
8.04 LTS hardy | Not in release |
Patch details
Package | Patch details |
---|---|
tomcat6 | |
tomcat7 |
References
Related Ubuntu Security Notices (USN)
- USN-1637-1
- Tomcat vulnerabilities
- 21 November 2012