Slowloris DOS attack (CVE-2012-5568)
====================================

Your tomcat installation can be afected by the Slowloris [1] attack, if exposed
through port 80 with default connection timeout settings. This kind of attack
opens a lot of connections and hold them open for a long time by sending a few
packets before the default timeout expires. The default value for tomcat is 60
seconds, which, with usage of threads for handling requests, make it very
vulnerable to this kind of attack.

The default installed tomcat on SUSE system has following timeout settings.

20000 (20s) for port 8080 protocol HTTP/1.1
60000 (60s) for port 8009 protocol AJP/1.3

Ports 8080 and 8009 are usually not exposed to public Internet, so the default
installation is not vulnerable. In case your tomcat is configured to listen on
port standard ports 80 (HTTP) or 443 (HTTPS), it is highly recommended to
change the default timeout settings.

For details about connectionTimeout/keepAliveTimeout consult the online documentation [2],
or /srv/tomcat/webapps/docs/config/http.html from @@NAME@@-doc-webbapps

[1] http://en.wikipedia.org/wiki/Slowloris
[2] http://tomcat.apache.org/tomcat-@@MAJOR@@.@@MINOR@@-doc/config/http.html

Your SUSE team