CVE-2012-4534

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
apachetomcat
6.0
apachetomcat
6.0.0
apachetomcat
6.0.0:alpha
apachetomcat
6.0.1
apachetomcat
6.0.1:alpha
apachetomcat
6.0.2
apachetomcat
6.0.2:alpha
apachetomcat
6.0.2:beta
apachetomcat
6.0.3
apachetomcat
6.0.4
apachetomcat
6.0.4:alpha
apachetomcat
6.0.5
apachetomcat
6.0.6
apachetomcat
6.0.6:alpha
apachetomcat
6.0.7
apachetomcat
6.0.7:alpha
apachetomcat
6.0.7:beta
apachetomcat
6.0.8
apachetomcat
6.0.8:alpha
apachetomcat
6.0.9
apachetomcat
6.0.9:beta
apachetomcat
6.0.10
apachetomcat
6.0.11
apachetomcat
6.0.12
apachetomcat
6.0.13
apachetomcat
6.0.14
apachetomcat
6.0.15
apachetomcat
6.0.16
apachetomcat
6.0.17
apachetomcat
6.0.18
apachetomcat
6.0.19
apachetomcat
6.0.20
apachetomcat
6.0.24
apachetomcat
6.0.26
apachetomcat
6.0.27
apachetomcat
6.0.28
apachetomcat
6.0.29
apachetomcat
6.0.30
apachetomcat
6.0.31
apachetomcat
6.0.32
apachetomcat
6.0.33
apachetomcat
6.0.35
apachetomcat
7.0.0
apachetomcat
7.0.0:beta
apachetomcat
7.0.1
apachetomcat
7.0.2
apachetomcat
7.0.2:beta
apachetomcat
7.0.3
apachetomcat
7.0.4
apachetomcat
7.0.4:beta
apachetomcat
7.0.5
apachetomcat
7.0.6
apachetomcat
7.0.7
apachetomcat
7.0.8
apachetomcat
7.0.9
apachetomcat
7.0.10
apachetomcat
7.0.11
apachetomcat
7.0.12
apachetomcat
7.0.13
apachetomcat
7.0.14
apachetomcat
7.0.15
apachetomcat
7.0.16
apachetomcat
7.0.17
apachetomcat
7.0.18
apachetomcat
7.0.19
apachetomcat
7.0.20
apachetomcat
7.0.21
apachetomcat
7.0.22
apachetomcat
7.0.23
apachetomcat
7.0.25
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tomcat6
hardy
dne
lucid
Fixed 6.0.24-2ubuntu1.12
released
oneiric
Fixed 6.0.32-5ubuntu1.4
released
precise
Fixed 6.0.35-1ubuntu3.2
released
quantal
Fixed 6.0.35-5ubuntu0.1
released
raring
not-affected
tomcat7
hardy
dne
lucid
dne
oneiric
Fixed 7.0.21-1ubuntu0.1
released
precise
Fixed 7.0.26-1ubuntu1.2
released
quantal
not-affected
raring
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
tomcat6
RHEL 6
0:6.0.24-52.el6_4
fixed
tomcat6-admin-webapps
RHEL 6
0:6.0.24-52.el6_4
fixed
tomcat6-docs-webapp
RHEL 6
0:6.0.24-52.el6_4
fixed
tomcat6-el-2.1-api
RHEL 6
0:6.0.24-52.el6_4
fixed
tomcat6-javadoc
RHEL 6
0:6.0.24-52.el6_4
fixed
tomcat6-jsp-2.1-api
RHEL 6
0:6.0.24-52.el6_4
fixed
tomcat6-lib
RHEL 6
0:6.0.24-52.el6_4
fixed
tomcat6-servlet-2.5-api
RHEL 6
0:6.0.24-52.el6_4
fixed
tomcat6-webapps
RHEL 6
0:6.0.24-52.el6_4
fixed
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html
http://marc.info/?l=bugtraq&m=136612293908376&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://rhn.redhat.com/errata/RHSA-2013-0623.html
http://secunia.com/advisories/57126
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218
http://svn.apache.org/viewvc?view=revision&revision=1340218
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/56813
http://www.securitytracker.com/id?1027836
http://www.ubuntu.com/usn/USN-1685-1
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878
https://issues.apache.org/bugzilla/show_bug.cgi?id=52858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398
http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html
http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html
http://marc.info/?l=bugtraq&m=136612293908376&w=2
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://rhn.redhat.com/errata/RHSA-2013-0623.html
http://secunia.com/advisories/57126
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218
http://svn.apache.org/viewvc?view=revision&revision=1340218
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://www.securityfocus.com/bid/56813
http://www.securitytracker.com/id?1027836
http://www.ubuntu.com/usn/USN-1685-1
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878
https://issues.apache.org/bugzilla/show_bug.cgi?id=52858
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398