Jim, Check your Tomcat version.
http://localhost:8080/ Stephen On Dec 4, 2012, at 2:47 PM, Mark Thomas <ma...@apache.org> wrote: > CVE-2012-4534 Apache Tomcat denial of service > > Severity: Important > > Vendor: The Apache Software Foundation > > Versions Affected: > - Tomcat 7.0.0 to 7.0.27 > - Tomcat 6.0.0 to 6.0.35 > > Description: > When using the NIO connector with sendfile and HTTPS enabled, if a > client breaks the connection while reading the response an infinite loop > is entered leading to a denial of service. This was originally reported > as https://issues.apache.org/bugzilla/show_bug.cgi?id=52858. > > Mitigation: > Users of affected versions should apply one of the following mitigations: > - Tomcat 7.0.x users should upgrade to 7.0.28 or later > - Tomcat 6.0.x users should upgrade to 6.0.36 or later > > Credit: > The security implications of this bug were identified by Arun Neelicattu > of the Red Hat Security Response Team. > > References: > http://tomcat.apache.org/security.html > http://tomcat.apache.org/security-7.html > http://tomcat.apache.org/security-6.html > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
