Intrusion Prevention



This indicates an attack attempt to exploit a Denial of Service Vulnerability in Apache Tomcat.
The vulnerability is due to an infinite loop in the NIO Connector. The infinite loop was caused by a client breaks the connection in the middle of reading the response for a request of a big file. As a result, a remote attacker may be able to exploit this to cause a denial-of-service condition on the affected system.

Affected Products

- Apache Software Foundation Tomcat 7.x prior to 7.0.28
- Apache Software Foundation Tomcat 6.x prior to 6.0.36


Denial of Service:
Remote attackers can crash vulnerable systems.

CVE References