製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache Tomcat におけるサービス運用妨害 (デーモンの停止) の脆弱性

Title	Apache Tomcat におけるサービス運用妨害 (デーモンの停止) の脆弱性
Summary	Apache Tomcat には、サービス運用妨害 (デーモンの停止) 状態となる脆弱性が存在します。
Possible impacts	第三者により、一部の HTTP リクエストを介して、サービス運用妨害 (デーモンの停止) 状態にされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Nov. 30, 2012, midnight
Registration Date	Dec. 4, 2012, 2:11 p.m.
Last Update	Dec. 4, 2012, 2:11 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected System

Apache Software Foundation

Apache Tomcat 7.0.28 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2012-5568	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5568
National Vulnerability Database (NVD)
2	CVE-2012-5568	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5568

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-16	https://jvndb.jvn.jp/ja/cwe/CWE-16.html

ベンダー情報

No	Name	URL
Red Hat Bugzilla
1	Bug 508238	https://bugzilla.redhat.com/show_bug.cgi?id=508238
2	Bug 880011	https://bugzilla.redhat.com/show_bug.cgi?id=880011

Change Log

No	Changed Details	Date of change
0	[2012年12月04日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2012-5568

Summary	Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
Publication Date	Dec. 1, 2012, 4:55 a.m.
Registration Date	Jan. 28, 2021, 3:06 p.m.
Last Update	Nov. 21, 2024, 10:44 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat::::::::		7.0.0	7.0.105

Configuration2	or higher	or less	more than	less than
cpe:2.3:o:opensuse:opensuse:11.4:::::::*
cpe:2.3:o:opensuse:opensuse:12.2:::::::*
cpe:2.3:o:opensuse:opensuse:12.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat/	Exploit Third Party Advisory
2	http://captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat/	Exploit Third Party Advisory
3	http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html	Mailing List Third Party Advisory
4	http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html	Mailing List Third Party Advisory
5	http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html	Mailing List Third Party Advisory
6	http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html	Mailing List Third Party Advisory
7	http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html	Mailing List Third Party Advisory
8	http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html	Mailing List Third Party Advisory
9	http://openwall.com/lists/oss-security/2012/11/26/2	Mailing List Third Party Advisory
10	http://openwall.com/lists/oss-security/2012/11/26/2	Mailing List Third Party Advisory
11	http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147776.html	Vendor Advisory
12	http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147776.html	Vendor Advisory
13	http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147779.html	Vendor Advisory
14	http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-tc2147779.html	Vendor Advisory
15	http://www.securityfocus.com/bid/56686	Third Party Advisory VDB Entry
16	http://www.securityfocus.com/bid/56686	Third Party Advisory VDB Entry
17	https://bugzilla.redhat.com/show_bug.cgi?id=880011	Issue Tracking Third Party Advisory
18	https://bugzilla.redhat.com/show_bug.cgi?id=880011	Issue Tracking Third Party Advisory
19	https://exchange.xforce.ibmcloud.com/vulnerabilities/80317	Third Party Advisory VDB Entry
20	https://exchange.xforce.ibmcloud.com/vulnerabilities/80317	Third Party Advisory VDB Entry

Common Vulnerabilities List