On 25/06/2015 07:07, Nikitha Benny wrote: > Hi, > > I am confused regarding the 2 security issues CVE-2007-6750 > and CVE-2009-5111. > > Can they be tracked to CVE-2012-5568?
All of those CVEs are essentially the same issue (slowloris) in different products. > According to CVE-2012-5568, I understand that this is not a vulnerability > in Tomcat. Please confirm. That depends on your point of view. > When Tomcat 7.0.62 was scanned using McAfee Vulnerability Manager Tool, it > reported the below results: > > *>> HTTP Server Prone To Slow Denial Of Service Attack [FID 12824]* 5.0 > Medium > 10.53.137.57:80 (http) ,10.53.137.57:8081 (http) > > *>> HTTP Server Prone To Slow Denial Of Service Attack [FID 12824]* 5.0 > Medium > 10.53.137.56:80 (http) ,10.53.137.56:8081 (http) > > > Please help me understand if this can be resolved or if this is a valid > vulnerability. Read this and the referenced links. https://bz.apache.org/bugzilla/show_bug.cgi?id=54263 Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
