CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
91.0%
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the
native APR connector is used, does not properly handle an empty request to
the SSL port, which allows remote attackers to trigger handling of โa
duplicate copy of one of the recent requests,โ as demonstrated by using
netcat to send the empty request.
Author | Note |
---|---|
fujitsu | At least 5.5 doesnโt use the native APR connector. |