Overview
Apache Tomcat does not properly handle certain types of requests, allowing a remote attacker to cause a denial of service.
Description
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. Tomcat uses the AJP12 protocol (on TCP port 8007 by default) for Servlet/JSP communication. A flaw in Tomcat's implementation of the AJP12 protocol may allow a remote attacker to cause Tomcat to stop processing requests. If a remote attacker sends Tomcat a specially crafted request, that attacker may be able to force Tomcat to stop processing all subsequent requests. Please note that this vulnerability was reported in Tomcat version 3.x.
Impact
By sending Tomcat a specially crafted request, a remote attacker may be able to cause a denial of service.
Solution
Upgrade Tomcat
Acknowledgements
We thank HIRT (Hitachi Incident Response Team) for reporting this vulnerability.
This document was written by Jeff Gennari.
Other Information
CVE IDs: None
Severity Metric: 0.69
Date Public: 2005-03-14
Date First Published: 2005-03-14
Date Last Updated: 2007-05-16 19:11 UTC
Document Revision: 35