File README.SUSE.in of Package tomcat6
Slowloris DOS attack (CVE-2012-5568)
====================================

Your tomcat installation can be affected by the Slowloris [1] attack if it is
exposed through port 80 with the default connection timeout settings. This kind
of attack opens a lot of connections and holds them open for a long time by
sending a few packets before the default timeout expires. The default value for
tomcat is 60 seconds, which, combined with the use of threads for handling
requests, makes it very vulnerable to this kind of attack.

The default tomcat installation on a SUSE system has the following timeout
settings:

  20000 (20s) for port 8080 protocol HTTP/1.1
  60000 (60s) for port 8009 protocol AJP/1.3

Ports 8080 and 8009 are usually not exposed to the public Internet, so the
default installation is not vulnerable. If your tomcat is configured to listen
on the standard ports 80 (HTTP) or 443 (HTTPS), it is highly recommended to
change the default timeout settings.

For details about connectionTimeout/keepAliveTimeout consult the online
documentation [2], or /srv/tomcat/webapps/docs/config/http.html from
@@NAME@@-doc-webbapps

[1] http://en.wikipedia.org/wiki/Slowloris
[2] http://tomcat.apache.org/tomcat-@@MAJOR@@.@@MINOR@@-doc/config/http.html

Your SUSE team
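
A check for the settings described above, as an added example that is not part of the SUSE README: it parses a server.xml and reports connectors on ports 80 or 443 whose effective connectionTimeout or keepAliveTimeout is too long. The sample server.xml is constructed and the 5000 ms limit is an assumed site policy; an unset keepAliveTimeout falls back to connectionTimeout, as in the Tomcat documentation.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not from the package): the two connectors the
# README lists, plus hypothetical connectors exposed on ports 80 and 443.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8009" protocol="AJP/1.3" connectionTimeout="60000"/>
    <Connector port="80" protocol="HTTP/1.1" redirectPort="443"/>
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true"
               connectionTimeout="3000" keepAliveTimeout="30000"/>
  </Service>
</Server>
"""

PUBLIC_PORTS = {80, 443}            # ports the README names as exposed
TOMCAT_DEFAULT_TIMEOUT_MS = 60000   # Tomcat default stated in the README
MAX_TIMEOUT_MS = 5000               # assumed site policy, not from the README


def audit_connectors(server_xml, max_ms=MAX_TIMEOUT_MS):
    """Return (port, attribute, effective_ms) for each over-long timeout."""
    findings = []
    for conn in ET.fromstring(server_xml.strip()).iter("Connector"):
        port = int(conn.get("port", "0"))
        if port not in PUBLIC_PORTS:
            continue  # the README treats 8080/8009 as not publicly exposed
        conn_timeout = int(conn.get("connectionTimeout",
                                    TOMCAT_DEFAULT_TIMEOUT_MS))
        # keepAliveTimeout falls back to connectionTimeout when unset.
        keepalive = int(conn.get("keepAliveTimeout", conn_timeout))
        for name, value in (("connectionTimeout", conn_timeout),
                            ("keepAliveTimeout", keepalive)):
            # A negative value (-1) means no timeout at all.
            if value < 0 or value > max_ms:
                findings.append((port, name, value))
    return findings


if __name__ == "__main__":
    for port, name, value in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: effective {name}={value} ms "
              f"exceeds {MAX_TIMEOUT_MS} ms")
```
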