Oval Definition:	oval:org.mitre.oval:def:10231
Revision Date: 2013-04-29 Version: 12 Title: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. Description: Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header. Family: unix Class: vulnerability Status: ACCEPTED Reference(s): CVE-2009-0033 Platform(s): CentOS Linux 5 Oracle Linux 5 Red Hat Enterprise Linux 5 Product(s): Definition Synopsis RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 OR The operating system installed on the system is CentOS Linux 5.x OR Oracle Linux 5.x AND Configuration section tomcat5-servlet-2.4-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-jsp-2.0-api-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-jasper-javadoc is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-servlet-2.4-api is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5 is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-jasper is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-jsp-2.0-api is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-server-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-common-lib is earlier than 0:5.5.23-0jpp.7.el5_3.2 OR tomcat5-admin-webapps is earlier than 0:5.5.23-0jpp.7.el5_3.2
BACK