CVE-2012-4534
Published: 19 December 2012
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
Priority
Status
Package | Release | Status |
---|---|---|
tomcat7 Launchpad, Ubuntu, Debian |
upstream |
Released
(7.0.28-1)
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
oneiric |
Released
(7.0.21-1ubuntu0.1)
|
|
precise |
Released
(7.0.26-1ubuntu1.2)
|
|
quantal |
Not vulnerable
(7.0.30-0ubuntu1)
|
|
raring |
Not vulnerable
(7.0.34-0ubuntu1)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1340218 upstream: http://svn.apache.org/viewvc?view=revision&revision=1342468 |
||
tomcat6 Launchpad, Ubuntu, Debian |
upstream |
Released
(6.0.35-6)
|
hardy |
Does not exist
|
|
lucid |
Released
(6.0.24-2ubuntu1.12)
|
|
oneiric |
Released
(6.0.32-5ubuntu1.4)
|
|
precise |
Released
(6.0.35-1ubuntu3.2)
|
|
quantal |
Released
(6.0.35-5ubuntu0.1)
|
|
raring |
Not vulnerable
(6.0.35-6)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1372035 |