Your submission was sent successfully! Close

CVE-2012-4534

Published: 19 December 2012

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Priority

Medium

Status

Package Release Status
tomcat6
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (6.0.24-2ubuntu1.12)
oneiric
Released (6.0.32-5ubuntu1.4)
precise
Released (6.0.35-1ubuntu3.2)
quantal
Released (6.0.35-5ubuntu0.1)
raring Not vulnerable
(6.0.35-6)
upstream
Released (6.0.35-6)
tomcat7
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric
Released (7.0.21-1ubuntu0.1)
precise
Released (7.0.26-1ubuntu1.2)
quantal Not vulnerable
(7.0.30-0ubuntu1)
raring Not vulnerable
(7.0.34-0ubuntu1)
upstream
Released (7.0.28-1)