Bugzilla – Bug 831119
VUL-0: CVE-2012-3544: tomcat6 tomcat7: Denial of service via chunked transfer encoding
Last modified: 2013-09-11 06:02:51 UTC
via tomcat advisory pages

CVE-2012-3544

Important: Denial of service CVE-2012-3544

When processing a request submitted using the chunked transfer encoding, Tomcat ignored but did not limit any extensions that were included. This allows a client to perform a limited DOS by streaming an unlimited amount of data to the server.

TOMCAT6: This was fixed in revision 1476592. This issue was reported to the Tomcat security team on 10 November 2011 and made public on 10 May 2013. Affects: 6.0.0-6.0.36

TOMCAT7: This was fixed in revisions 1378702 and 1378921. This issue was reported to the Tomcat security team on 10 November 2011 and made public on 10 May 2013. Affects: 7.0.0-7.0.29
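The limit the advisory describes as missing, shown as an added example that is not part of this bug report and is not Tomcat's code: a chunk-header reader that still ignores extensions but counts the ignored bytes and aborts once a budget is spent. `MAX_EXT_BYTES`, `ChunkError`, `probe` and the sample bodies are assumptions made here, and the budget is applied across all chunks of one request, which goes slightly beyond the single-header case.

```python
import io
MAX_EXT_BYTES = 8192  # assumed per-request budget, not the value in Tomcat's fix
class ChunkError(ValueError):
    pass

def read_chunk_header(stream, ext_budget):
    """Parse one 'hex-size[;extensions]CRLF' line; return (size, ext_bytes)."""
    digits, ext_bytes, in_ext = "", 0, False
    while True:
        b = stream.read(1)
        if not b:
            raise ChunkError("EOF inside chunk header")
        if b == b"\r":
            if not digits or stream.read(1) != b"\n":
                raise ChunkError("malformed chunk header line")
            break
        if in_ext:  # extension bytes are ignored, but counted against the budget
            ext_bytes += 1
            if ext_bytes > ext_budget:
                raise ChunkError("chunk extensions exceed budget")
        elif b == b";":
            in_ext = True
        elif b in b"0123456789abcdefABCDEF" and len(digits) < 8:
            digits += b.decode("ascii")
        else:
            raise ChunkError("invalid chunk size")
    return int(digits, 16), ext_bytes

def decode_chunked(stream, ext_budget=MAX_EXT_BYTES):
    """Return (body, ext_bytes_ignored); trailer fields are not parsed."""
    body, used = bytearray(), 0
    while True:
        # Each header only gets what is left of the request-wide budget.
        size, ext = read_chunk_header(stream, ext_budget - used)
        used += ext
        if size == 0:
            return bytes(body), used
        data = stream.read(size)
        if len(data) != size or stream.read(2) != b"\r\n":
            raise ChunkError("truncated chunk")
        body += data

def probe(raw, ext_budget=MAX_EXT_BYTES):
    stream = io.BytesIO(raw)  # on rejection, report bytes consumed before the abort
    try:
        return ("ok",) + decode_chunked(stream, ext_budget)
    except ChunkError as exc:
        return ("rejected", str(exc), stream.tell())

NORMAL = b"5;name=value\r\nhello\r\n0\r\n\r\n"  # constructed sample
OVERSIZED = b"5;" + b"x" * 100_000 + b"\r\nhello\r\n0\r\n\r\n"  # constructed sample
```

`probe(OVERSIZED)` is rejected after a bounded number of bytes rather than after the whole extension has been read, which is the property the unpatched versions lacked.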
affects SLE11 tomcat6
bugbot adjusting priority
fixed in bnc#822177
This is an autogenerated message for OBS integration: This bug (831119) was mentioned in https://build.opensuse.org/request/show/184435 Maintenance /
The SWAMPID for this issue is 53781. This issue was rated as moderate. Please submit fixed packages until 2013-08-09. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
This is an autogenerated message for OBS integration: This bug (831119) was mentioned in https://build.opensuse.org/request/show/184951 Maintenance /
openSUSE-SU-2013:1307-1: An update that solves three vulnerabilities and has two fixes is now available. Category: security (moderate) Bug References: 768772,804992,822177,831117,831119 CVE References: CVE-2013-1976,CVE-2013-2067,CVE-2013-3544 Sources used: openSUSE 12.2 (src): tomcat-7.0.27-2.19.1
We published this incorrectly with a 2013 CVE instead of a 2012 CVE. :(
Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps Products: SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)
Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps Products: SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP3 (i386, x86_64)
Update released for: tomcat6, tomcat6-admin-webapps, tomcat6-docs-webapp, tomcat6-javadoc, tomcat6-jsp-2_1-api, tomcat6-lib, tomcat6-servlet-2_5-api, tomcat6-webapps Products: SLE-SERVER 11-SP1-TERADATA (x86_64) SUSE-MANAGER 1.2 (x86_64)
released
This is an autogenerated message for OBS integration: This bug (831119) was mentioned in https://build.opensuse.org/request/show/196597 Evergreen:11.2 / tomcat6
openSUSE-SU-2013:1411-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 768772,822177,831117,831119 CVE References: CVE-2012-3544,CVE-2013-1976,CVE-2013-2067 Sources used: openSUSE 11.4 (src): tomcat6-6.0.32-42.1
This is an autogenerated message for OBS integration: This bug (831119) was mentioned in https://build.opensuse.org/request/show/198409 Evergreen:11.2 / tomcat6