Overview
Apache Tomcat does not properly handle certain types of requests allowing a remote attacker to cause a denial of service.
Description
Apache Tomcat is an implementation of the Java Servlet and JavaServer Pages (JSP) technologies. Tomcat uses the AJP12 protocol (on TCP port 8007 by default) for Servlet/JSP communication. A flaw in Tomcat's implementation of the AJP12 protocol may allow a remote attacker to cause Tomcat to stop processing requests. If a remote attacker sends Tomcat a specially crafted request, that attacker may be able to force Tomcat to stop processing all subsequent requests. Please note that this vulnerability was reported in Tomcat version 3.x.
Impact
By sending Tomcat a specially crafted request, a remote attacker may be able to cause a denial of service.
Solution
Upgrade Tomcat.
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | | |
| Temporal | | |
| Environmental | | |
References
Acknowledgements
We thank HIRT (Hitachi Incident Response Team) for reporting this vulnerability.
This document was written by Jeff Gennari.
Other Information
| CVE IDs: | None |
| Severity Metric: | 0.69 |
| Date Public: | 2005-03-14 |
| Date First Published: | 2005-03-14 |
| Date Last Updated: | 2007-05-16 19:11 UTC |
| Document Revision: | 35 |