Release date: 2012-4 4
Updated on: 2012-12-06
Affected Systems:
Apache Group Tomcat 7.0.0-7.0.29
Apache Group Tomcat 6.0.0-6.0.35
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56813
CVE (CAN) ID: CVE-2012-4534
Apache Tomcat is a popular open source JSP application server program.
Tomcat 7.0.0-7.0.27 and Tomcat 6.0.0-6.0.35 are affected when the NIO connector is used with sendfile and HTTPS enabled. If a client requests a large static file and then disconnects from the server while reading the response, the server enters an endless loop, resulting in a denial of service (DoS).
<* Source: Arun Neelicattu
Link: http://mail-archives.apache.org/mod_mbox/tomcat-announce/201212.mbox/%3C50BE535A.9000600@apache.org%3E
https://issues.apache.org/bugzilla/show_bug.cgi?id=52858
*>
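The following is an added example, not part of the original advisory or of Apache's code: a small audit script that parses a Tomcat server.xml and lists the connectors matching all three conditions named in the description (NIO connector, HTTPS enabled, sendfile enabled). The sample configuration is constructed, and the script assumes that useSendfile defaults to true on the NIO connector when the attribute is absent.

```python
import xml.etree.ElementTree as ET

# Class name that selects the NIO HTTP connector in a Tomcat <Connector> element.
NIO_PROTOCOL = "org.apache.coyote.http11.Http11NioProtocol"

# Constructed sample server.xml for demonstration (not taken from the advisory).
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" />
    <Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" useSendfile="false" />
    <Connector port="8081" protocol="org.apache.coyote.http11.Http11NioProtocol" />
  </Service>
</Server>
"""


def _is_true(value, default):
    """Interpret a boolean XML attribute, falling back to a default when absent."""
    if value is None:
        return default
    return value.strip().lower() == "true"


def exposed_connectors(server_xml):
    """Return the ports of connectors that combine NIO, HTTPS and sendfile."""
    root = ET.fromstring(server_xml)
    ports = []
    for conn in root.iter("Connector"):
        is_nio = conn.get("protocol", "").strip() == NIO_PROTOCOL
        is_https = _is_true(conn.get("SSLEnabled"), default=False)
        # Assumption: sendfile is on by default for the NIO connector.
        sendfile = _is_true(conn.get("useSendfile"), default=True)
        if is_nio and is_https and sendfile:
            ports.append(conn.get("port", "?"))
    return ports


if __name__ == "__main__":
    for port in exposed_connectors(SAMPLE_SERVER_XML):
        print(f"connector on port {port}: NIO + HTTPS + sendfile enabled")
```

A port reported by this script still needs to be checked against the affected version ranges listed above before it is treated as exposed.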
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://jakarta.apache.org/tomcat/index.html