| VID |
22335 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
Servlet |
| Detailed Description |
According to its banner, the Apache Tomcat server is affected by a denial-of-service vulnerability that can be triggered by a malformed request. Apache Tomcat is a Java application server used with Apache HTTP Server to support JavaServer Pages (JSP) and Java servlets. Tomcat uses the AJP12 protocol (on TCP 8007 by default) for Servlet/JSP communication. A flaw in the AJP12 protocol implementation in Tomcat version 3.x may allow a remote attacker to cause the Tomcat server to stop processing requests. By sending a specially crafted request, a remote attacker may be able to force the affected Tomcat server to stop processing all legitimate requests.
* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the result may be a false positive.
* References: http://www.kb.cert.org/vuls/id/204710 http://secunia.com/advisories/14588/
* Platforms Affected: Apache Software Foundation, Tomcat 3.x; Any operating system, Any version |
| Recommendation |
Upgrade to the latest version of Apache Tomcat (5.x or later), available from the Apache Jakarta Project Web site at http://jakarta.apache.org/tomcat/
For Cosminexus Server: Apply the fix version 02-00-/M or later, available from the Hitachi Software Vulnerability Information HS05-006-01 at http://www.hitachi-support.com/security_e/vuls_e/HS05-006_e/01-e.html |
| Related URL |
CVE-2005-0808 (CVE) |
| Related URL |
12795 (SecurityFocus) |
| Related URL |
19681 (ISS) |
|