Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <984134001.37503162.1353888646997.JavaMail.root@redhat.com>
Date: Sun, 25 Nov 2012 19:10:47 -0500 (EST)
From: David Jorm <djorm@...hat.com>
To: "oss-security " <oss-security@...ts.openwall.com>
Subject: CVE Request: slowloris for tomcat

The old slowloris attack has CVE IDs for various affected platforms, but not for tomcat. My testing has shown that tomcat is indeed affected, and others [0] [1] back this up. Could we please get a CVE ID assigned for slowloris as it affects tomcat?

Thanks
-- 
David Jorm / Red Hat Security Response Team

[0] http://tomcat.10.n6.nabble.com/How-does-Tomcat-handle-a-slow-HTTP-DoS-td2147776.html
[1] http://captainholly.wordpress.com/2009/06/19/slowloris-vs-tomcat/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.