'Re: [oss-security] CVE Request: slowloris for tomcat'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: slowloris for tomcat
From:       Kurt Seifried <kseifried () redhat ! com>
Date:       2012-11-26 0:52:19
Message-ID: 50B2BD43.6030207 () redhat ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/25/2012 05:10 PM, David Jorm wrote:
> The old slowloris attack has CVE IDs for various affected
> platforms, but not for tomcat. My testing has shown that tomcat is
> indeed affected, and others [0] [1] back this up. Could we please
> get a CVE ID assigned for slowloris as it affects tomcat?
> 
> Thanks
> 

Please use CVE-2012-5568 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJQsr0/AAoJEBYNRVNeJnmTMCQQAIPCAox82g0duJMP8iQonC6J
5c5BrzhlNCMlSkVx+UsDsf5D3epNO6NZ+NNjapry0JBF+UkgB6L+KmE/RirmAosd
ppgXZKqeoYJxjhhaq02STlJGyQa4dEOKS5+uUz7gurhzlkHPRw1lLbStVir3CQVK
Tcw9eiB485J/yEFeMCEyZjYB8o16V+kATUHKp0Uft78tjxkfjwr2Gleccbrx54pv
Wh8e2YH0CHL5buHwvVHTg0kvgIC/TyYBcqZQMihVpRf13K06bdj3wldDe107QoBN
A2UnncLxNWuPBfUD9fRutabG45fJJmZYV2kC221YJIF33/24BYixbrg6f2Vm6BaZ
4Uxf8Xh+Riw1bjUEZdjV/VbSvk53KMC6SOFQneYeXZqR+zKRjLVOBTuTzKp1uH6T
/403tlABGSnGosntMfY8DN0QfJzScPkiap2zb3kvKyAGNitaOTtqiE2pVfelEI2c
vEmx4HMLvMAUJ+i6E90aXIgBFfvyu50Mzmh5C1mXpPr2QtZpUEzalRLszpkyASSO
VXBDXj4ZrB5y8th0MxTmQqoIIsoaPLq1RV+Ye6H3GIzyf2bHqAqhmbaGiyx5Co7m
Qw9p5wN7F0Av4e32w/z8DiRaAcqyZ/3D19jV0PUIacvnwV4iy8CddmC44CLMpH/S
rnre/Q8jk/oESSX0ORzo
=J0kT
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic