ID CVE-2003-0866
Summary The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
References
Vulnerable Configurations
  • Apache Software Foundation Tomcat 4.0.0
    cpe:2.3:a:apache:tomcat:4.0.0
  • Apache Software Foundation Tomcat 4.0.1
    cpe:2.3:a:apache:tomcat:4.0.1
  • Apache Software Foundation Tomcat 4.0.2
    cpe:2.3:a:apache:tomcat:4.0.2
  • Apache Software Foundation Tomcat 4.0.3
    cpe:2.3:a:apache:tomcat:4.0.3
  • Apache Software Foundation Tomcat 4.0.4
    cpe:2.3:a:apache:tomcat:4.0.4
  • Apache Software Foundation Tomcat 4.0.5
    cpe:2.3:a:apache:tomcat:4.0.5
  • Apache Software Foundation Tomcat 4.0.6
    cpe:2.3:a:apache:tomcat:4.0.6
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
exploit-db via4
description Apache Tomcat 4.0.x Non-HTTP Request Denial Of Service Vulnerability. CVE-2003-0866. DoS exploit for Linux platform
id EDB-ID:23245
last seen 2016-02-02
modified 2003-10-15
published 2003-10-15
reporter Oliver Karow
source https://www.exploit-db.com/download/23245/
title Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service Vulnerability
nessus via4
  • NASL family Web Servers
    NASL id TOMCAT_4_1_0.NASL
    description According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.0. It is, therefore, affected by multiple vulnerabilities:
      - An error exists in the handling of malformed packets that can cause the processing thread to become unresponsive. A sequence of such requests can cause all threads to become unresponsive. (CVE-2003-0866)
      - Two example servlets, 'snoop' and a troubleshooting servlet, disclose the Apache Tomcat installation path. (CVE-2002-2006)
      - It has also been reported that this version of Tomcat is affected by a cross-site scripting vulnerability. The contents of a request URL are not sanitized before being returned to the browser should an error occur.
      Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-11-17
    modified 2018-11-15
    plugin id 50475
    published 2010-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=50475
    title Apache Tomcat 4.x < 4.1.0 Multiple Vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-395.NASL
    description Aldrin Martoq has discovered a denial of service (DoS) vulnerability in Apache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's HTTP connector makes Tomcat reject further requests on this port until it is restarted.
    last seen 2018-09-01
    modified 2018-07-20
    plugin id 15232
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15232
    title Debian DSA-395-1 : tomcat4 - incorrect input handling
refmap via4
bid 8824
confirm
debian DSA-395
secunia
  • 30899
  • 30908
sunalert 239312
vupen ADV-2008-1979
xf tomcat-non-http-dos(13429)
Last major update 07-03-2011 - 21:13
Published 17-11-2003 - 00:00
Last modified 10-07-2017 - 21:29