{"vuid":"VU#204710","idnumber":"204710","name":"Apache Tomcat fails to properly handle certain requests","keywords":["Apache","Tomcat","DoS","denial-of-service","0xFE 0x00"],"overview":"Apache Tomcat does not properly handle certain types of requests, allowing a remote attacker to cause a denial of service.","clean_desc":"Apache Tomcat is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. Tomcat uses the AJP12 protocol (on TCP 8007 by default) for Servlet/JSP communication. A flaw in Tomcat's implementation of the AJP12 protocol may allow a remote attacker to cause Tomcat to stop processing requests. If a remote attacker sends Tomcat a specially crafted request, that attacker may be able to force Tomcat to stop processing all subsequent requests. Please note that this vulnerability was reported in Tomcat version 3.x.","impact":"By sending Tomcat a specially crafted request, a remote attacker may be able to cause a denial of service.","resolution":"Upgrade Tomcat. Upgrading to Tomcat version 5.x will correct this issue.","workarounds":"","sysaffected":"","thanks":"We thank HIRT (Hitachi Incident Response Team) for reporting this vulnerability.","author":"This document was written by Jeff Gennari.","public":[],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-01-17T21:02:13Z","publicdate":"2005-03-14T00:00:00Z","datefirstpublished":"2005-03-14T15:06:34Z","dateupdated":"2007-05-16T19:11:50Z","revision":35,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"2","cam_widelyknown":"3","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"11","cam_impact":"3","cam_easeofexploitation":"14","cam_attackeraccessrequired":"10","cam_scorecurrent":"0.693","cam_scorecurrentwidelyknown":"2.165625","cam_scorecurrentwidelyknownexploited":"3.898125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.693,"vulnote":null}