Summary
The host is running Apache Tomcat Server and is prone to denial of service vulnerability.
Impact
Successful exploitation will allow remote attackers to cause a denial of service conditions.
Impact Level: Application
Solution
Upgrade to Apache Tomcat 7.0.52 or later,
For updates refer to http://tomcat.apache.org/
Insight
The flaw is caused by configuring an appropriate timeout using the connectionTimeout property for the relevant Connector(s) defined in server.xml.
Affected
Apache Tomcat version 7.0.x
References
- http://captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat/
- http://openwall.com/lists/oss-security/2012/11/26/2
- http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147776.html
- http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147779.html
- https://bugzilla.redhat.com/show_bug.cgi?id=880011
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-5568 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Apache mod_include priviledge escalation
- Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
- Apache Tomcat Denial Of Service Vulnerability (Windows)
- Lil' HTTP Server Cross Site Scripting Vulnerability
- Acme thttpd and mini_httpd Terminal Escape Sequence in Logs Command Injection Vulnerability