oss-sec mailing list archives

CVE Request: slowloris for tomcat

From: David Jorm <djorm () redhat com>
Date: Sun, 25 Nov 2012 19:10:47 -0500 (EST)

The old slowloris attack has CVE IDs for various affected platforms, but not for tomcat. My testing has shown that 
tomcat is indeed affected, and others [0] [1] back this up. Could we please get a CVE ID assigned for slowloris as it 
affects tomcat?

Thanks
-- 
David Jorm / Red Hat Security Response Team

[0] http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-td2147776.html
[1] http://captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat/

Current thread:

CVE Request: slowloris for tomcat David Jorm (Nov 25)
- Re: CVE Request: slowloris for tomcat Kurt Seifried (Nov 25)