Summary
The host is running Apache Tomcat Server and is prone to denial of service vulnerability.
Impact
Successful exploitation will allow remote attackers to cause a denial of service conditions.
Impact Level: Application
Solution
Upgrade to Apache Tomcat 7.0.52 or later,
For updates refer to http://tomcat.apache.org/
Insight
The flaw is caused by configuring an appropriate timeout using the connectionTimeout property for the relevant Connector(s) defined in server.xml.
Affected
Apache Tomcat version 7.0.x
References
- http://captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat/
- http://openwall.com/lists/oss-security/2012/11/26/2
- http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147776.html
- http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147779.html
- https://bugzilla.redhat.com/show_bug.cgi?id=880011
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-5568 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Cherokee URI Directory Traversal Vulnerability and Information Disclosure Vulnerability
- IBM Rational Quality Manager and Rational Test Lab Manager Tomcat Default Account Vulnerability
- Acritum Femitter Server HTTP Request Remote File Disclosure Vulnerability
- GoAhead WebServer 'name' and 'address' Cross-Site Scripting Vulnerabilities
- IBM WebSphere Application Server (WAS) Multiple Vulnerabilities 01 - March 2011