Description: I am using a Web Vulnerability Scanner for the mart server and that is reporting the web server is vulnerable to Slow HTTP DoS (Denial of Service) attacks. The ERwin Apache Tomcat 7.0.57 installed on a Windows 2008 R2 server fails with security scan.
The Mart Server uses Tomcat, not the Apache HTTP Server. The Tomcat security team does not consider a timeout to be a vulnerability in tomcat. Neither do they plan to release a patch, as mentioned here: http://tomcat.apache.org/security-7.html#Not_a_vulnerability_in_Tomcat
- Please contact erwin Technical Support at http://erwin.com/support