I don't know if this is the correct list but it seem to be the best one. I'm trying to find evidence of whether tomcat 6.0.35 is vulnerable (and if so, was it fixed and in which version?) to the issue identified in CVE-2007-6750?
"The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15." I found a single statement on https://bugzilla.redhat.com/show_bug.cgi?id=880011 that says Tomcat is affected but I haven't found any published fix from RH or any confirmation on tomcat.apache.org website. Any info would be great. thanks Brandon McCombs -- Brandon McCombs LogLogic Technical Support and Professional Services Engineer TIBCO Software, Inc. Office: 1-304-816-4488
