CVE-2012-4534 — Infinite Loop in Apache Tomcat

CWE-3998 documents6 sources

Severity

2.6LOWNVD

EPSS

22.8%

top 4.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Tomcat

Timeline

PublishedDec 19

Latest updateMay 17

Description

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat57 versions+56

Patches

Patch: svn.apache.org ↗Patch: svn.apache.org ↗Patch: svn.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-pxwv-88pv-hh3j: org/apache/tomcat/util/net/NioEndpoint↗2022-05-17

▶

CVEList

CVE-2012-4534: org/apache/tomcat/util/net/NioEndpoint↗2012-12-19

▶

📋Vendor Advisories

Ubuntu

Tomcat vulnerabilities↗2013-01-14

▶

Red Hat

Tomcat - Denial Of Service when using NIO+SSL+sendfile↗2012-12-04

▶

💬Community

Bugzilla

CVE-2012-4534 Tomcat - Denial Of Service when using NIO+SSL+sendfile↗2012-12-05

▶

Bugzilla

CVE-2012-4534 Tomcat - Denial Of Service when using NIO+SSL+sendfile [fedora-all]↗2012-12-05

▶

Bugzilla

CVE-2012-4534 Tomcat - Denial Of Service when using NIO+SSL+sendfile [fedora-16]↗2012-12-05

▶