Release date:
Updated on:
Affected Systems:
Apache Group Tomcat 7.x
Apache Group Tomcat 6.x
Apache Group Tomcat 5.x
Apache Group Tomcat 3.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56686
CVE (CAN) ID: CVE-2012-5568
Apache Tomcat is a popular open source JSP application server program. Slowloris is a low-bandwidth Denial-of-Service attack tool.
Apache Tomcat has a security vulnerability. Remote attackers can use Slowloris to launch DoS attacks.
<* Source: David Jorm
Link: https://bugzilla.redhat.com/show_bug.cgi?id=880011
*>
Suggestion:
--------------------------------------------------------------------------------
Temporary solution:
1. Configure an appropriate timeout value through the connectionTimeout attribute of the connector defined in server.xml.
2. Configure firewall settings.
For more information, see
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6750
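One way to check step 1 across a server.xml, as an added example that is not part of the original advisory or of Tomcat itself: the script below reports every Connector whose effective connectionTimeout is infinite, unparsable, or above a ceiling. The 20000 ms ceiling and the sample file are assumptions constructed for illustration; the defaults for a missing attribute (60000 ms for HTTP connectors, -1 for AJP connectors) follow the Tomcat connector documentation.

```python
import xml.etree.ElementTree as ET

MAX_TIMEOUT_MS = 20000  # assumed policy ceiling (hypothetical), in milliseconds

# Constructed sample server.xml, not taken from a real deployment.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8081" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="HTTP/1.1" connectionTimeout="-1"/>
    <Connector port="8009" protocol="AJP/1.3"/>
    <Connector port="8082" protocol="HTTP/1.1" connectionTimeout="20s"/>
  </Service>
</Server>
"""

def effective_timeout(connector):
    """Return (timeout_ms, source); timeout_ms is None when the value is unparsable."""
    raw = connector.get("connectionTimeout")
    if raw is None:
        # Documented defaults: 60000 for HTTP connectors, -1 (infinite) for AJP.
        is_ajp = "AJP" in connector.get("protocol", "HTTP/1.1").upper()
        return (-1 if is_ajp else 60000), "default"
    try:
        return int(raw.strip()), "explicit"
    except ValueError:
        return None, "explicit"

def audit_connectors(xml_text, max_ms=MAX_TIMEOUT_MS):
    """List (port, problem) for connectors that let idle clients hold a connection too long."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        timeout, source = effective_timeout(conn)
        if timeout is None:
            findings.append((port, "connectionTimeout is not an integer"))
        elif timeout <= 0:
            findings.append((port, f"{source} value {timeout}: not a positive timeout (-1 means infinite)"))
        elif timeout > max_ms:
            findings.append((port, f"{source} value {timeout} ms exceeds {max_ms} ms"))
    return findings

if __name__ == "__main__":
    for port, problem in audit_connectors(SAMPLE_SERVER_XML):
        print(f"Connector port {port}: {problem}")
```

Connectors that omit the attribute are reported with their default, which is how an AJP connector with no explicit setting shows up as having no timeout at all.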
Vendor patch:
Apache Group
------------
The vendor has not currently provided a patch or upgrade. We recommend that users of the software check the vendor's homepage to obtain the latest version:
http://jakarta.apache.org/tomcat/index.html