Description

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

Remediation

References

CVE-2012-2733

Related Vulnerabilities

WordPress Plugin Gmedia Photo Gallery Arbitrary File Upload (1.2.1)

WordPress Plugin MailChimp List Subscribe Form Multiple Unspecified Vulnerabilities (1.1)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Request Forgery (4.4.3)

OpenSSL Cryptographic Issues Vulnerability (CVE-2013-6450)

ownCloud Improper Authentication Vulnerability (CVE-2014-2047)

Severity

Medium

Classification

CVE-2012-2733 CWE-20

Tags

Missing Update Known Vulnerabilities