oss-sec mailing list archives
CVE Request: slowloris for tomcat
From: David Jorm <djorm () redhat com>
Date: Sun, 25 Nov 2012 19:10:47 -0500 (EST)
The old slowloris attack has CVE IDs for various affected platforms, but not for tomcat. My testing has shown that tomcat is indeed affected, and others [0] [1] back this up. Could we please get a CVE ID assigned for slowloris as it affects tomcat? Thanks -- David Jorm / Red Hat Security Response Team [0] http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-td2147776.html [1] http://captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat/
Current thread:
- CVE Request: slowloris for tomcat David Jorm (Nov 25)
- Re: CVE Request: slowloris for tomcat Kurt Seifried (Nov 25)