Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request: slowloris for tomcat
From: David Jorm <djorm () redhat com>
Date: Sun, 25 Nov 2012 19:10:47 -0500 (EST)

The old slowloris attack has CVE IDs for various affected platforms, but not for tomcat. My testing has shown that 
tomcat is indeed affected, and others [0] [1] back this up. Could we please get a CVE ID assigned for slowloris as it 
affects tomcat?

Thanks
-- 
David Jorm / Red Hat Security Response Team

[0] http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-td2147776.html
[1] http://captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]