----- Original Message -----
> From: Chirag Suthar <cbsut...@gmail.com>
> To: users@tomcat.apache.org
> Cc:
> Sent: Tuesday, August 23, 2011 9:39 AM
> Subject: Need Help - Vulnerability Details
>
> Hi,
>
> We are using *Tomcat 6.0.26* with *Windows Server 2008 R2 Enterprise* as
> Operating system. We performed security scan on environment and observed
> Apache Tomcat NIO Connector Denial of Service.
>
> Here we go with the detail description and observation:
>
> *Description:*
> A denial of service vulnerability is present in some versions of Apache
> Tomcat.
>
> *Observation:*
> A denial of service vulnerability is present in some versions of Apache
> Tomcat.
> The vulnerability is caused by an error in the NIO connector when processing
> a request line. By sending a specially-crafted request.
> Remote attackers could exploit the vulnerability to cause an OutOfMemory
> error and crash the server.
>
> Will you be able to provide a patch or it’s already there then can you
> please point down there?
>
> Thanks and Regards,
> Chirag
>
Read the following:

http://tomcat.apache.org/security-6.html

In particular:

Important: Remote Denial Of Service CVE-2011-0534

This was fixed in 6.0.32. The current version is 6.0.33.

. . . . just my two cents.
/mde/
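
An added example, not part of the original thread or of the Tomcat project: a small audit check that combines the two facts from the exchange above (the issue is in the NIO connector; it was fixed in 6.0.32) to classify an installation. The version string format, the sample server.xml and the status labels are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

FIXED_IN = (6, 0, 32)  # from the reply above: CVE-2011-0534 was fixed in 6.0.32
NIO_PROTOCOL = "org.apache.coyote.http11.Http11NioProtocol"


def parse_version(text):
    """Extract (major, minor, patch) from strings like 'Apache Tomcat/6.0.26'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no x.y.z version in %r" % text)
    return tuple(int(p) for p in m.groups())


def nio_connector_ports(server_xml):
    """Return the ports of every <Connector> configured with the NIO protocol."""
    root = ET.fromstring(server_xml)
    return [c.get("port", "?") for c in root.iter("Connector")
            if c.get("protocol", "").strip() == NIO_PROTOCOL]


def assess(version_text, server_xml):
    """Classify an installation; status labels are hypothetical names."""
    version = parse_version(version_text)
    ports = nio_connector_ports(server_xml)
    if version[:2] != FIXED_IN[:2]:
        status = "out-of-scope"    # the thread only covers the 6.0.x line
    elif version >= FIXED_IN:
        status = "fixed"
    elif ports:
        status = "exposed"         # unfixed build with an NIO connector enabled
    else:
        status = "upgrade-needed"  # unfixed build, no NIO connector configured
    return {"version": version, "nio_ports": ports, "status": status}


# Constructed sample configuration, not taken from the poster's server.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true"/>
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>"""

if __name__ == "__main__":
    for v in ("Apache Tomcat/6.0.26", "Apache Tomcat/6.0.33"):
        print(v, assess(v, SAMPLE_SERVER_XML))
```

Run it against the real conf/server.xml and the version reported by the installation to see whether a scanner finding like the one quoted above applies to a connector that is actually enabled.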