ID CVE-2002-0935
Summary Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 4.0.3
    cpe:2.3:a:apache:tomcat:4.0.3
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
nessus via4
NASL family Web Servers
NASL id TOMCAT_4_1_3.NASL
description According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.3. It is, therefore, affected by a denial of service vulnerability. A malicious HTTP request can cause a request processing thread to become unresponsive. Further requests of this type can cause all request processing threads to become unresponsive. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
last seen 2019-02-21
modified 2018-11-15
plugin id 49702
published 2010-10-01
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=49702
title Apache Tomcat 4.x < 4.1.3 Denial of Service
refmap via4
bid 5067
bugtraq 20020620 KPMG-2002025: Apache Tomcat Denial of Service
osvdb 5051
vulnwatch 20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service
xf tomcat-null-thread-dos(9396)
Last major update 05-09-2008 - 16:29
Published 04-10-2002 - 00:00
Last modified 21-03-2019 - 11:33