Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. This issue affects tomcat and jbossweb as shipped in various Red Hat products. It can be mitigated using appropriate firewall configuration or mod_reqtimeout configuration.
Unitrends systems do not have tomcat or jbossweb installed.
CVSS v2 Base Score 5
Generally, a scan which shows CVE-2012-5568 is a false positive, since Unitrends systems do not have tomcat or jbossweb installed.
However, applying Unitrends security_update 10.18 or later will configure and load mod_reqtimeout with httpd to remediate Apache DoS attacks. See the end of KB 1150 for instructions.
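As an added example (not Unitrends or Apache project code), the following Python check reads httpd configuration text and reports whether reqtimeout_module is loaded and whether RequestReadTimeout sets non-zero header and body limits. The sample configurations are constructed, requiring an explicit directive is an assumed audit policy, and the check covers one file at server level only (no Include or virtual host handling).

```python
import re

# Stage syntax from the mod_reqtimeout documentation:
#   type=timeout[-maxtimeout][,MinRate=rate]
STAGE = re.compile(
    r"^(handshake|header|body)=(\d+)(?:-(\d+))?(?:,MinRate=(\d+))?$", re.I)

# Constructed sample inputs, not taken from a Unitrends appliance.
SAMPLE_OK = """\
LoadModule reqtimeout_module modules/mod_reqtimeout.so
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
"""
SAMPLE_WEAK = """\
LoadModule reqtimeout_module modules/mod_reqtimeout.so
# a timeout of 0 means "no limit" for that stage
RequestReadTimeout header=0 body=20,MinRate=500
"""

def audit_reqtimeout(conf_text):
    """Return findings for one httpd config text; an empty list means OK."""
    loaded, stages, findings = False, {}, []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # httpd comments are whole lines
            continue
        parts = line.split()
        name = parts[0].lower()                # directive names ignore case
        if name == "loadmodule" and parts[1:2] == ["reqtimeout_module"]:
            loaded = True
        elif name == "requestreadtimeout":
            for tok in parts[1:]:
                m = STAGE.match(tok)
                if m is None:
                    findings.append(f"unparsable stage: {tok}")
                    continue
                stages[m.group(1).lower()] = int(m.group(2))  # initial timeout
    if not loaded:
        findings.append("reqtimeout_module is not loaded")
    # Assumed policy: header and body must each have an explicit non-zero limit.
    for stage in ("header", "body"):
        if stage not in stages:
            findings.append(f"{stage}: no explicit RequestReadTimeout")
        elif stages[stage] == 0:
            findings.append(f"{stage}: timeout 0 disables the limit")
    return findings

if __name__ == "__main__":
    for label, text in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(label, audit_reqtimeout(text) or "no findings")
```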
LINK TO ADVISORIES
- https://access.redhat.com/security/cve/CVE-2012-5568
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6750
- http://tomcat.apache.org/security-7.html#Not_a_vulnerability_in_Tomcat
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5568
- http://linuxtoolkit.blogspot.com/2014/04/using-modreqtimeout-to-make-http-server.html