From https://bugzilla.redhat.com/show_bug.cgi?id=880011 : The Slowloris denial of service tool has been found to affect Tomcat. Related upstream list post: http://mail-archives.apache.org/mod_mbox/tomcat-users/200906.mbox/%3C4A3D0884.5080309@apache.org%3E
CVE-2012-5568 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5568): Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
http://mail-archives.apache.org/mod_mbox/tomcat-users/200906.mbox/%3C4A3D0884.5080309@apache.org%3E The upstream post for this is that this is a normal DOS for resource exhaustion vs a vulnerability. Red-Hat determined that they will not fix as well. https://bugzilla.redhat.com/show_bug.cgi?id=880011
After discussion with other security members, this will be dropped as "WONTFIX". To mirror other distributions. If anyone things otherwise please advise and we will re-open.