tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brandon McCombs <bmcco...@tibco.com>
Subject is tomcat 6.0.35 vulnerable to CVE-2007-6750?
Date Wed, 12 Jun 2013 15:33:52 GMT
I don't know if this is the correct list but it seem to be the best one.

I'm trying to find evidence of whether tomcat 6.0.35 is vulnerable (and if so, was it fixed
and in which version?) to the issue identified in CVE-2007-6750?

"The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon
outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the
mod_reqtimeout module in versions before 2.2.15."

I found a single statement on https://bugzilla.redhat.com/show_bug.cgi?id=880011 that says
Tomcat is affected but I haven't found any published fix from RH or any confirmation on tomcat.apache.org
website.

Any info would be great.

thanks

Brandon McCombs



--
Brandon McCombs
LogLogic Technical Support and Professional Services Engineer
TIBCO Software, Inc.
Office: 1-304-816-4488


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message