SkipNavigation
Home | FAQ | Contact | Privacy Policy
US-CERT
American Flag
  Vulnerability
Notes
Database

Search Vulnerability Notes

Vulnerability Notes Help Information


 
 View Notes By
  Name

ID Number

CVE Name

Date Public

Date Published

Date Updated

Severity Metric
 Other Documents
  Technical Alerts

Technical Bulletins

Alerts

Security Tips

Vulnerability Note VU#204710

Apache Tomcat fails to properly handle certain requests

Overview

Apache Tomcat does not properly handle certain types of requests allowing a remote attacker to cause a denial of service.

I. Description

Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Tomcat uses the AJP12 protocol (on TCP 8007 by default) for Servlet/JSP communication. A flaw in Tomcat's implemetation of the AJP12 protocol may allow a remote attacker to cause Tomcat to stop processing requests. If a remote attacker sends Tomcat a specially crafted request, that attacker may be able to force Tomcat to stop processing all subsequent requests.

Please note that this vulnerability was reported in Tomcat version 3.x.

II. Impact

By sending Tomcat a specially crafted request, a remote attacker may be able to cause a denial of service.

III. Solution

Upgrade Tomcat


Upgrading to Tomcat version 5.x will correct this issue.

Systems Affected

VendorStatusDate NotifiedDate Updated
ApacheVulnerable1-Mar-2005
HitachiVulnerable10-Mar-2005

References


Credit

We thank HIRT (Hitachi Incident Response Team) for reporting this vulnerability.

This document was written by Jeff Gennari.

Other Information

Date Public:2005-03-14
Date First Published:2005-03-14
Date Last Updated:2007-05-16
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:0.69
Document Revision:34

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Page Corner Image
Copyright 2005 Carnegie Mellon University
Disclaimers and copyright information
Get Adobe Reader Get Adobe Reader