Upstream information
Description
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 5 |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
SUSE Security Advisories:
- SUSE-SR:2009:012, published Fri, 03 Jul 2009 16:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA tomcat6-6.0.18-20.35.36.1 |
| SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA tomcat6-6.0.18-20.35.40.1 |
| SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA tomcat6-6.0.41-0.43.1 |
SUSE Timeline for this CVE
CVE page created: Thu Jul 17 09:06:19 2014CVE page last modified: Mon Oct 6 18:15:34 2025