Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2012-4534

Disclosure Date: December 19, 2012
CVE-2012-4534
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • apache

Products

  • tomcat 6.0,
  • tomcat 6.0.0,
  • tomcat 6.0.1,
  • tomcat 6.0.10,
  • tomcat 6.0.11,
  • tomcat 6.0.12,
  • tomcat 6.0.13,
  • tomcat 6.0.14,
  • tomcat 6.0.15,
  • tomcat 6.0.16,
  • tomcat 6.0.17,
  • tomcat 6.0.18,
  • tomcat 6.0.19,
  • tomcat 6.0.2,
  • tomcat 6.0.20,
  • tomcat 6.0.24,
  • tomcat 6.0.26,
  • tomcat 6.0.27,
  • tomcat 6.0.28,
  • tomcat 6.0.29,
  • tomcat 6.0.3,
  • tomcat 6.0.30,
  • tomcat 6.0.31,
  • tomcat 6.0.32,
  • tomcat 6.0.33,
  • tomcat 6.0.35,
  • tomcat 6.0.4,
  • tomcat 6.0.5,
  • tomcat 6.0.6,
  • tomcat 6.0.7,
  • tomcat 6.0.8,
  • tomcat 6.0.9,
  • tomcat 7.0.0,
  • tomcat 7.0.1,
  • tomcat 7.0.10,
  • tomcat 7.0.11,
  • tomcat 7.0.12,
  • tomcat 7.0.13,
  • tomcat 7.0.14,
  • tomcat 7.0.15,
  • tomcat 7.0.16,
  • tomcat 7.0.17,
  • tomcat 7.0.18,
  • tomcat 7.0.19,
  • tomcat 7.0.2,
  • tomcat 7.0.20,
  • tomcat 7.0.21,
  • tomcat 7.0.22,
  • tomcat 7.0.23,
  • tomcat 7.0.25,
  • tomcat 7.0.3,
  • tomcat 7.0.4,
  • tomcat 7.0.5,
  • tomcat 7.0.6,
  • tomcat 7.0.7,
  • tomcat 7.0.8,
  • tomcat 7.0.9

References

Canonical
CVE-2012-4534 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4534)
BID-56813 (http://www.securityfocus.com/bid/56813)
Advisory
SSRT101139 (http://marc.info?l=bugtraq&m=136612293908376&w=2)
http://svn.apache.org/viewvc?view=revision&revision=1340218
http://lists.opensuse.org/opensuse-updates/2013-01/msg00051.html
USN-1685-1 (http://www.ubuntu.com/usn/USN-1685-1)
SECTRACK-1027836 (http://www.securitytracker.com/id?1027836)
http://lists.opensuse.org/opensuse-updates/2013-01/msg00080.html
SSRT101182 (https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03748878)
https://issues.apache.org/bugzilla/show_bug.cgi?id=52858
http://lists.opensuse.org/opensuse-updates/2013-01/msg00061.html
http://tomcat.apache.org/security-7.html
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1340218&r2=1340217&pathrev=1340218
http://tomcat.apache.org/security-6.html
SECUNIA-57126 (http://secunia.com/advisories/57126)
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?r1=1340218&r2=1340217&pathrev=1340218
http://rhn.redhat.com/errata/RHSA-2013-0623.html
20121204 CVE-2012-4534 Apache Tomcat denial of service (http://archives.neohapsis.com/archives/bugtraq/2012-12/0043.html)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19398
HPSBST02955 (http://marc.info?l=bugtraq&m=139344343412337&w=2)
Miscellaneous
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://marc.info/?l=bugtraq&m=136612293908376&w=2

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis