Bug 789406 (CVE-2012-2733) - VUL-0: CVE-2012-2733: tomcat: HTTP NIO connector OOM DoS via a request with large headers
Summary: VUL-0: CVE-2012-2733: tomcat: HTTP NIO connector OOM DoS via a request with l...
Status: RESOLVED FIXED
Alias: CVE-2012-2733
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P2 - High : Major
Target Milestone: ---
Deadline: 2012-12-12
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: maint:released:sle11-sp1:50675 maint:...
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-13 14:19 UTC by Matthias Weckbecker
Modified: 2014-07-17 09:46 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Weckbecker 2012-11-13 14:19:44 UTC 
Quote from [1]

  "The checks that limited the permitted size of request headers were
   implemented too late in the request parsing process for the HTTP NIO
   connector. This enabled a malicious user to trigger an OutOfMemoryError
   by sending a single request with very large headers."

Patch available from the upstream repository [2].

[1] http://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.36
[2] http://svn.apache.org/viewvc?view=revision&revision=1356208
Comment 1 Michal Vyskocil 2012-11-23 13:12:03 UTC 
sle-11: 22781

openSUSE: WIP
Comment 2 Michal Vyskocil 2012-11-23 15:09:24 UTC 
12.1: 142603
12.2: WIP
factory: WIP
Comment 3 Bernhard Wiedemann 2012-11-23 16:00:33 UTC 
This is an autogenerated message for OBS integration:
This bug (789406) was mentioned in
https://build.opensuse.org/request/show/142603 Maintenance /
Comment 4 Michal Vyskocil 2012-11-26 13:05:45 UTC 
12.2: 142908
factory: N/A - this has been fixed by 7.0.28 and there is .30 in factory atm
Comment 5 Bernhard Wiedemann 2012-11-26 14:00:17 UTC 
This is an autogenerated message for OBS integration:
This bug (789406) was mentioned in
https://build.opensuse.org/request/show/142908 Maintenance /
Comment 8 Swamp Workflow Management 2012-11-28 10:53:26 UTC 
The SWAMPID for this issue is 50301.
This issue was rated as moderate.
Please submit fixed packages until 2012-12-12.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 9 Bernhard Wiedemann 2012-12-04 09:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (789406) was mentioned in
https://build.opensuse.org/request/show/144019 Maintenance /
Comment 10 Bernhard Wiedemann 2012-12-07 13:00:51 UTC 
This is an autogenerated message for OBS integration:
This bug (789406) was mentioned in
https://build.opensuse.org/request/show/144552 Maintenance /
Comment 11 Bernhard Wiedemann 2012-12-10 11:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (789406) was mentioned in
https://build.opensuse.org/request/show/144937 Maintenance /
Comment 12 Bernhard Wiedemann 2012-12-10 13:00:20 UTC 
This is an autogenerated message for OBS integration:
This bug (789406) was mentioned in
https://build.opensuse.org/request/show/144949 Maintenance /
Comment 13 Michal Vyskocil 2012-12-10 13:23:35 UTC 
submitted with the other's security issues
Comment 15 Bernhard Wiedemann 2012-12-10 14:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (789406) was mentioned in
https://build.opensuse.org/request/show/144953 Maintenance /
Comment 16 Bernhard Wiedemann 2012-12-10 16:00:18 UTC 
This is an autogenerated message for OBS integration:
This bug (789406) was mentioned in
https://build.opensuse.org/request/show/144989 Maintenance / 
https://build.opensuse.org/request/show/144990 Maintenance /
Comment 17 Bernhard Wiedemann 2012-12-19 16:00:09 UTC 
This is an autogenerated message for OBS integration:
This bug (789406) was mentioned in
https://build.opensuse.org/request/show/145902 Maintenance /
Comment 18 Swamp Workflow Management 2012-12-27 16:08:41 UTC 
openSUSE-SU-2012:1700-1: An update that fixes 10 vulnerabilities is now available.

Category: security (moderate)
Bug References: 789406,791423,791424,791426,791679,793391,793394
CVE References: CVE-2009-2693,CVE-2009-2901,CVE-2009-2902,CVE-2012-2733,CVE-2012-3546,CVE-2012-4431,CVE-2012-5568,CVE-2012-5885,CVE-2012-5886,CVE-2012-5887
Sources used:
openSUSE 12.1 (src):    libtcnative-1-0-1.3.3-3.7.1, tomcat6-6.0.33-3.7.1
Comment 19 Swamp Workflow Management 2012-12-27 16:10:05 UTC 
openSUSE-SU-2012:1701-1: An update that fixes 10 vulnerabilities is now available.

Category: security (moderate)
Bug References: 779538,789406,791423,791424,791426,791679,793391,793394
CVE References: CVE-2009-2693,CVE-2009-2901,CVE-2009-2902,CVE-2012-2733,CVE-2012-3546,CVE-2012-4431,CVE-2012-5568,CVE-2012-5885,CVE-2012-5886,CVE-2012-5887
Sources used:
openSUSE 12.2 (src):    tomcat-7.0.27-2.9.1
Comment 20 Swamp Workflow Management 2013-02-01 11:49:39 UTC 
Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
SUSE-MANAGER 1.2 (x86_64)
Comment 21 Swamp Workflow Management 2013-02-01 12:32:50 UTC 
Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps
Products:
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 22 Marcus Meissner 2013-02-04 14:15:01 UTC 
released