CVE-2012-2733 – tomcat: HTTP NIO connector OOM DoS via a request with large headers
https://notcve.org/view.php?id=CVE-2012-2733
java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data. java/org/apache/coyote/http11/InternalNioInputBuffer.java en el conector HTTP NIO en Apache Tomcat v6.x antes de v6.0.36 y v7.x antes de V7.0.28 no restringe correctamente el tamaño de la petición de cabecera, lo que permite a atacantes remotos causar una denegación de servicio (por excesivo consumo de memoria) a través de una gran cantidad de datos en una cabecera. • http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html http://marc.info/?l=bugtraq&m=136612293908376&w=2 http://marc.info/?l=bugtraq&m=139344343412337&w=2 http://secunia.com/advisories/51371 http://secunia.com/advisories/57126 http://svn.apache.org/viewvc?view=revision&revision=1350301 http://svn.apache.org/viewvc?view=revision&revision=135620 • CWE-20: Improper Input Validation •