CVE-2007-6750 CVE-2009-5111 A denial of service vulnerability is present in some HTTP servers

Version 2

    Verified Product Versions

    Avalanche 6.1, Avalanche 6.0, Avalanche 5.3, Avalanche SE 5.3

    Environment:

    AvalancheMC, AvalancheSE, and Avalanche running Tomcat Server

     

    Issue:

    • Common Vulnerabilities & Exposures (CVE) CVE-2007-6750 CVE-2009-5111

     

    The issue also affects Tomcat servers, but no patch is available for Tomcat because the Tomcat security team does not consider this a vulnerability.

     

    More information here: http://tomcat.apache.org/security-7.html#Not_a_vulnerability_in_Tomcat

     

    Resolution:

    • Set appropriate timeout values in the connectionTimeout property for the relevant Connector(s) defined in server.xml.

     

    Further information here: https://bugzilla.redhat.com/show_bug.cgi?id=880011
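
One way to check the resolution above across a server.xml is to list every Connector and classify its connectionTimeout. This is an added example, not code from the vendor or from Tomcat. The 20000 ms ceiling, the finding labels and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed policy ceiling in milliseconds; the article only says "appropriate".
MAX_TIMEOUT_MS = 20000

# Constructed sample, not taken from an Avalanche installation.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" connectionTimeout="-1"/>
    <Connector port="8009" protocol="AJP/1.3" connectionTimeout="600000"/>
    <Connector port="8081" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8082" protocol="HTTP/1.1" connectionTimeout="20s"/>
  </Service>
</Server>"""


def classify_timeout(raw, max_ms=MAX_TIMEOUT_MS):
    """Classify one connectionTimeout attribute value (None if absent)."""
    if raw is None:
        # Connector relies on Tomcat's built-in default; set it explicitly.
        return "unset"
    try:
        value = int(raw.strip())
    except ValueError:
        return "invalid"
    if value <= 0:
        # -1 is Tomcat's "no timeout" value; any non-positive value is
        # treated the same way here (assumption of this example).
        return "no-timeout"
    return "too-high" if value > max_ms else "ok"


def audit_connectors(xml_text, max_ms=MAX_TIMEOUT_MS):
    """Return (port, finding) for every Connector element in server.xml."""
    root = ET.fromstring(xml_text)
    return [
        (conn.get("port", "?"),
         classify_timeout(conn.get("connectionTimeout"), max_ms))
        for conn in root.iter("Connector")
    ]


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        marker = "  " if finding == "ok" else "!!"
        print(f"{marker} Connector port={port}: connectionTimeout {finding}")
```

Any Connector reported as anything other than `ok` needs an explicit connectionTimeout in server.xml, followed by a restart of the Tomcat service.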