CVE-2012-4534

Publication date 19 December 2012

Last updated 24 July 2024

Ubuntu priority

Description

org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
tomcat6	13.04 raring	Not affected
	12.10 quantal	Fixed 6.0.35-5ubuntu0.1
	12.04 LTS precise	Fixed 6.0.35-1ubuntu3.2
	11.10 oneiric	Fixed 6.0.32-5ubuntu1.4
	10.04 LTS lucid	Fixed 6.0.24-2ubuntu1.12
	8.04 LTS hardy	Not in release
tomcat7	13.04 raring	Not affected
	12.10 quantal	Not affected
	12.04 LTS precise	Fixed 7.0.26-1ubuntu1.2
	11.10 oneiric	Fixed 7.0.21-1ubuntu0.1
	10.04 LTS lucid	Not in release
	8.04 LTS hardy	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
tomcat6	Upstream: http://svn.apache.org/viewvc?view=revision&revision=1372035
tomcat7	Upstream: http://svn.apache.org/viewvc?view=revision&revision=1340218 Upstream: http://svn.apache.org/viewvc?view=revision&revision=1342468

References

Related Ubuntu Security Notices (USN)

USN-1685-1
Tomcat vulnerabilities
14 January 2013