I think it's already release 6.0.33 now. Your version 6.0.26 is quite outdated. Please upgrade to the latest one.
http://tomcat.apache.org/download-60.cgi

---
daniel baktiar

On Wed, Aug 24, 2011 at 12:39 AM, Chirag Suthar <cbsut...@gmail.com> wrote:

> Hi,
>
> We are using *Tomcat 6.0.26* with *Windows Server 2008 R2 Enterprise* as
> Operating system. We performed security scan on environment and observed
> Apache Tomcat NIO Connector Denial of Service.
>
> Here we go with the detail description and observation:
>
> *Description:*
>
> A denial of service vulnerability is present in some versions of Apache
> Tomcat.
>
> *Observation:*
>
> A denial of service vulnerability is present in some versions of Apache
> Tomcat.
>
> The vulnerability is caused by an error in the NIO connector when processing
> a request line. By sending a specially-crafted request.
>
> Remote attackers could exploit the vulnerability to cause an OutOfMemory
> error and crash the server.
>
> Will you be able to provide a patch or it’s already there then can you
> please point down there?
>
> Thanks and Regards,
>
> Chirag