Slowloris DOS attack (CVE-2012-5568)
====================================

Your Tomcat installation can be affected by the Slowloris [1] attack if it is exposed on port 80 with the default connection timeout settings. This kind of attack opens a large number of connections and holds them open for a long time by sending a few bytes of a request just before the timeout expires, so the server never closes them. The default connectionTimeout for Tomcat is 60 seconds, which, combined with the use of a thread per connection for handling requests, makes it very vulnerable to this kind of attack: once every request-handling thread is tied up by an idle attacker connection, legitimate clients can no longer be served.

The Tomcat installed by default on a SUSE system has the following timeout settings:

  20000 (20s) for port 8080, protocol HTTP/1.1
  60000 (60s) for port 8009, protocol AJP/1.3

Ports 8080 and 8009 are usually not exposed to the public Internet, so the default installation is not vulnerable. If your Tomcat is configured to listen on the standard ports 80 (HTTP) or 443 (HTTPS), it is highly recommended to change the default timeout settings.

For details about connectionTimeout/keepAliveTimeout consult the online documentation [2], or /srv/tomcat/webapps/docs/config/http.html from @@NAME@@-doc-webapps.

[1] http://en.wikipedia.org/wiki/Slowloris
[2] http://tomcat.apache.org/tomcat-@@MAJOR@@.@@MINOR@@-doc/config/http.html

Your SUSE team
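The following server.xml fragment is an added example, not part of the SUSE README or of the Tomcat project's own configuration. It shows a Connector carrying Tomcat's upstream defaults next to a hardened one for a Tomcat that listens on port 80. The file path /etc/tomcat/server.xml and the 5000 ms timeouts are assumptions chosen for illustration; the README prescribes no particular values, and the right timeout depends on the latency of your real clients.

```xml
<!-- Added example: edit in /etc/tomcat/server.xml (path assumed; older
     packages keep it under /etc/tomcat6/). Only the Connector elements
     inside <Service name="Catalina"> are shown. -->

<!-- BEFORE: upstream defaults. connectionTimeout is 60000 ms and
     keepAliveTimeout falls back to the same value, so one attacker
     connection that sends a byte every 59 s holds a thread forever. -->
<Connector port="80" protocol="HTTP/1.1"
           connectionTimeout="60000"
           redirectPort="443" />

<!-- AFTER: hardened.
     connectionTimeout  : ms to wait for the request line after accept()
     keepAliveTimeout   : ms to wait for the next request on a kept-alive
                          connection (defaults to connectionTimeout when
                          unset, so set it explicitly)
     maxKeepAliveRequests: cap on requests per connection
     maxThreads / acceptCount: bound the worker pool and the backlog so
                          resource exhaustion is visible and predictable
     Http11NioProtocol  : the NIO connector parks idle connections on a
                          poller instead of a blocked thread, so slow
                          clients cost a socket rather than a worker. -->
<Connector port="80" protocol="org.apache.coyote.http11.Http11NioProtocol"
           connectionTimeout="5000"
           keepAliveTimeout="5000"
           maxKeepAliveRequests="100"
           maxThreads="200"
           acceptCount="100"
           redirectPort="443" />
```

Restart Tomcat after the change and verify the effect from a client: open a plain TCP connection to port 80, send nothing, and confirm the server closes it after roughly connectionTimeout rather than after a minute. Note that a shorter timeout raises the attacker's cost (each held connection must be refreshed more often) but does not make the server immune; placing a non-blocking reverse proxy in front of Tomcat or using the NIO connector as above is what keeps a worker thread from being consumed per idle connection.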