Summary: | CVE-2012-5568 Tomcat is vulnerable to Slowloris denial of service | ||
---|---|---|---|
Product: | Tomcat 6 | Reporter: | M McClain <mmcclain> |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | RESOLVED INVALID | ||
Severity: | normal | ||
Priority: | P2 | ||
Version: | 6.0.36 | ||
Target Milestone: | default | ||
Hardware: | All | ||
OS: | All | ||
Description
M McClain
2012-12-08 00:38:30 UTC
Quoting [1]:

"Note that all networked servers are subject to denial of service attacks, and we cannot promise magic workarounds to generic problems (such as a client streaming lots of data to your server, or re-requesting the same URL repeatedly). In general our philosophy is to avoid any attacks which can cause the server to consume resources in a non-linear relationship to the size of inputs."

Also, this was discussed on the users mailing list [2] many years ago.

[1] http://tomcat.apache.org/security.html
[2] http://tomcat.markmail.org/thread/7pjy3f3n3gasclih