Severity: : Medium
  CVE Kennungen: : CVE-2009-0033
  Advisory Date: 21 de июля de 2015

  DESCRIPTION

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

  INFORMATION EXPOSURE

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1003590
  Trend Micro Deep Security DPI Rule Name: 1003590 - Apache Tomcat Java AJP Connector Invalid Header Denial Of Service Vulnerability

  AFFECTED SOFTWARE AND VERSION:

  • Apache Tomcat 4.1.0
  • Apache Tomcat 4.1.1
  • Apache Tomcat 4.1.10
  • Apache Tomcat 4.1.11
  • Apache Tomcat 4.1.12
  • Apache Tomcat 4.1.13
  • Apache Tomcat 4.1.14
  • Apache Tomcat 4.1.15
  • Apache Tomcat 4.1.16
  • Apache Tomcat 4.1.17
  • Apache Tomcat 4.1.18
  • Apache Tomcat 4.1.19
  • Apache Tomcat 4.1.2
  • Apache Tomcat 4.1.20
  • Apache Tomcat 4.1.21
  • Apache Tomcat 4.1.22
  • Apache Tomcat 4.1.23
  • Apache Tomcat 4.1.24
  • Apache Tomcat 4.1.25
  • Apache Tomcat 4.1.26
  • Apache Tomcat 4.1.27
  • Apache Tomcat 4.1.28
  • Apache Tomcat 4.1.29
  • Apache Tomcat 4.1.3
  • Apache Tomcat 4.1.30
  • Apache Tomcat 4.1.31
  • Apache Tomcat 4.1.32
  • Apache Tomcat 4.1.33
  • Apache Tomcat 4.1.34
  • Apache Tomcat 4.1.35
  • Apache Tomcat 4.1.36
  • Apache Tomcat 4.1.37
  • Apache Tomcat 4.1.38
  • Apache Tomcat 4.1.39
  • Apache Tomcat 4.1.4
  • Apache Tomcat 4.1.5
  • Apache Tomcat 4.1.6
  • Apache Tomcat 4.1.7
  • Apache Tomcat 4.1.8
  • Apache Tomcat 4.1.9
  • Apache Tomcat 5.5.0
  • Apache Tomcat 5.5.1
  • Apache Tomcat 5.5.10
  • Apache Tomcat 5.5.11
  • Apache Tomcat 5.5.12
  • Apache Tomcat 5.5.13
  • Apache Tomcat 5.5.14
  • Apache Tomcat 5.5.15
  • Apache Tomcat 5.5.16
  • Apache Tomcat 5.5.17
  • Apache Tomcat 5.5.18
  • Apache Tomcat 5.5.19
  • Apache Tomcat 5.5.2
  • Apache Tomcat 5.5.20
  • Apache Tomcat 5.5.21
  • Apache Tomcat 5.5.22
  • Apache Tomcat 5.5.23
  • Apache Tomcat 5.5.24
  • Apache Tomcat 5.5.25
  • Apache Tomcat 5.5.26
  • Apache Tomcat 5.5.27
  • Apache Tomcat 5.5.3
  • Apache Tomcat 5.5.4
  • Apache Tomcat 5.5.5
  • Apache Tomcat 5.5.6
  • Apache Tomcat 5.5.7
  • Apache Tomcat 5.5.8
  • Apache Tomcat 5.5.9
  • Apache Tomcat 6.0.0
  • Apache Tomcat 6.0.1
  • Apache Tomcat 6.0.10
  • Apache Tomcat 6.0.11
  • Apache Tomcat 6.0.12
  • Apache Tomcat 6.0.13
  • Apache Tomcat 6.0.14
  • Apache Tomcat 6.0.15
  • Apache Tomcat 6.0.16
  • Apache Tomcat 6.0.2
  • Apache Tomcat 6.0.3
  • Apache Tomcat 6.0.4
  • Apache Tomcat 6.0.5
  • Apache Tomcat 6.0.6
  • Apache Tomcat 6.0.7
  • Apache Tomcat 6.0.8
  • Apache Tomcat 6.0.9