Apache Tomcat AJP Request Remote Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Apache Tomcat and is prone to remote denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service (thread consumption) by using a 'Content-Length: 0' AJP request to trigger a hang in request processing. Impact Level: Application

Solution

Upgrade to version 8.0.4 or later. For updates refer to refer http://tomcat.apache.org

Insight

The flaw is due to an error in java/org/apache/coyote/ajp/AbstractAjpProcessor.java

Affected

Apache Tomcat 8.x before 8.0.4

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/59732
http://tomcat.apache.org/security-8.html
http://www-01.ibm.com/support/docview.wss?uid=swg21678231

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0095
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
Adobe Flash Player/Air Multiple Vulnerabilities -feb10 (Linux)
Asterisk CIDR Notation in Access Rule Remote Security Bypass Vulnerability
Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)
Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability

Take action and discover your vulnerabilities