CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

EPSS: 0.01 Low (Percentile: 84.0%)

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through
6.0.18, when the Java AJP connector and mod_jk load balancing are used,
allows remote attackers to cause a denial of service (application outage)
via a crafted request with invalid headers, related to temporary blocking
of connectors that have encountered errors, as demonstrated by an error
involving a malformed HTTP Host header.
Author | Note |
---|---|
mdeslaur | PoC: http://seclists.org/bugtraq/2009/Jun/0045.html |