CVE-2012-2733: Improper Input Validation in Apache Tomcat

Severity: 5.0 MEDIUM (NVD)
EPSS: 20.3% (top 4.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 16
Latest update: May 17

Description

java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/tomcat, 57 versions

🔴 Vulnerability Details (2)

[GHSA] GHSA-cpr9-82wf-f629: java/org/apache/coyote/http11/InternalNioInputBuffer (2022-05-17)
[CVEList] CVE-2012-2733: java/org/apache/coyote/http11/InternalNioInputBuffer (2012-11-16)

📋 Vendor Advisories (2)

[Ubuntu] Tomcat vulnerabilities (2012-11-21)
[Red Hat] tomcat: HTTP NIO connector OOM DoS via a request with large headers (2012-11-05)

💬 Community (3)

[Bugzilla] CVE-2012-2733 tomcat: HTTP NIO connector OOM DoS via a request with large headers (2012-11-06)
[Bugzilla] CVE-2012-5885 CVE-2012-5886 CVE-2012-5587 CVE-2012-2733 tomcat various flaws [fedora-16] (2012-11-06)
[Bugzilla] CVE-2012-5885 CVE-2012-5886 CVE-2012-5587 CVE-2012-2733 tomcat6 various flaws [fedora-all] (2012-11-06)