Description

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Remediation

References

CVE-2012-2733

Related Vulnerabilities

WP GDPR Compliance Privilege Escalation (1.4.2)

Listing, Classified Ads & Business Directory-uListing Multiple Vulnerabilities (2.0.5)

Drupal Other Vulnerability (CVE-2006-4120)

Controlled Admin Access Security Bypass (1.5.5)

Total Team Lite-Responsive Team Manager/Showcase for WordPress includes Backdoor [Only if downloaded via the vendor website] (1.1.1)

Severity

Medium

Classification

CVE-2012-2733 CWE-20

Tags

Missing Update Known Vulnerabilities