oss-sec mailing list archives
Re: CVE Request: slowloris for tomcat
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 25 Nov 2012 17:52:19 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/25/2012 05:10 PM, David Jorm wrote:
The old slowloris attack has CVE IDs for various affected platforms, but not for tomcat. My testing has shown that tomcat is indeed affected, and others [0] [1] back this up. Could we please get a CVE ID assigned for slowloris as it affects tomcat? Thanks
Please use CVE-2012-5568 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQsr0/AAoJEBYNRVNeJnmTMCQQAIPCAox82g0duJMP8iQonC6J 5c5BrzhlNCMlSkVx+UsDsf5D3epNO6NZ+NNjapry0JBF+UkgB6L+KmE/RirmAosd ppgXZKqeoYJxjhhaq02STlJGyQa4dEOKS5+uUz7gurhzlkHPRw1lLbStVir3CQVK Tcw9eiB485J/yEFeMCEyZjYB8o16V+kATUHKp0Uft78tjxkfjwr2Gleccbrx54pv Wh8e2YH0CHL5buHwvVHTg0kvgIC/TyYBcqZQMihVpRf13K06bdj3wldDe107QoBN A2UnncLxNWuPBfUD9fRutabG45fJJmZYV2kC221YJIF33/24BYixbrg6f2Vm6BaZ 4Uxf8Xh+Riw1bjUEZdjV/VbSvk53KMC6SOFQneYeXZqR+zKRjLVOBTuTzKp1uH6T /403tlABGSnGosntMfY8DN0QfJzScPkiap2zb3kvKyAGNitaOTtqiE2pVfelEI2c vEmx4HMLvMAUJ+i6E90aXIgBFfvyu50Mzmh5C1mXpPr2QtZpUEzalRLszpkyASSO VXBDXj4ZrB5y8th0MxTmQqoIIsoaPLq1RV+Ye6H3GIzyf2bHqAqhmbaGiyx5Co7m Qw9p5wN7F0Av4e32w/z8DiRaAcqyZ/3D19jV0PUIacvnwV4iy8CddmC44CLMpH/S rnre/Q8jk/oESSX0ORzo =J0kT -----END PGP SIGNATURE-----
Current thread:
- CVE Request: slowloris for tomcat David Jorm (Nov 25)
- Re: CVE Request: slowloris for tomcat Kurt Seifried (Nov 25)