CERTA-2003-AVI-164

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le serveur Apache Tomcat permet à un utilisateur mal intentionné de réaliser un déni de service.

Description

Apache Tomcat est un serveur web mettant en oeuvre les technologies Sun Java Servlet et Sun Java Server Pages. Un utilisateur mal intentionné peut envoyer des requêtes habilement constituées pour créer un déni de service et obliger à redémarrer le serveur.

Solution

Mettre à jour Apache Tomcat (voir section Documentation) et redémarrer le serveur Apache Tomcat.

Toutes les versions de Apache Tomcat de la série 4.0. Les versions de Apache Tomcat des séries 3.0, 3.1, 3.2, 3.3, 4.1 et 5.0 ne sont pas affectées.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions de Apache Tomcat de  la s\u00e9rie 4.0. Les versions de Apache Tomcat des s\u00e9ries 3.0, 3.1,  3.2, 3.3, 4.1 et 5.0 ne sont pas affect\u00e9es.\u003c/p\u003e",
  "content": "## Description\n\nApache Tomcat est un serveur web mettant en oeuvre les technologies Sun\nJava Servlet et Sun Java Server Pages. Un utilisateur mal intentionn\u00e9\npeut envoyer des requ\u00eates habilement constitu\u00e9es pour cr\u00e9er un d\u00e9ni de\nservice et obliger \u00e0 red\u00e9marrer le serveur.\n\n## Solution\n\nMettre \u00e0 jour Apache Tomcat (voir section Documentation) et red\u00e9marrer\nle serveur Apache Tomcat.\n",
  "cves": [],
  "links": [
    {
      "title": "Site internet de Apache Tomcat :",
      "url": "http://jakarta.apache.org/tomcat"
    }
  ],
  "reference": "CERTA-2003-AVI-164",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le serveur Apache Tomcat permet \u00e0 un utilisateur\nmal intentionn\u00e9 de r\u00e9aliser un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apache Tomcat 4.x",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 GNU/Linux Debian DSA 395-1",
      "url": "http://www.debian.org/security/2003/dsa-395"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.