Apache Tomcat AJP Request Remote Denial Of Service Vulnerability Network Vulnerability

Summary

This host is running Apache Tomcat and is prone to remote denial of service vulnerability.

Impact

Successful exploitation will allow remote attackers to cause a denial of service (thread consumption) by using a 'Content-Length: 0' AJP request to trigger a hang in request processing. Impact Level: Application

Solution

Upgrade to version 8.0.4 or later. For updates refer to refer http://tomcat.apache.org

Insight

The flaw is due to an error in java/org/apache/coyote/ajp/AbstractAjpProcessor.java

Affected

Apache Tomcat 8.x before 8.0.4

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/59732
http://tomcat.apache.org/security-8.html
http://www-01.ibm.com/support/docview.wss?uid=swg21678231

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-0095

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

Apache Tomcat XML External Entity Information Disclosure Vulnerability
Apache Tomcat servlet/JSP container default files
Apple Safari 'Webkit' Multiple Vulnerabilities -01 Feb15 (Mac OS X)
Aardvark Topsites Multiple Vulnerabilities
Apple Safari Webkit Multiple Vulnerabilities - March 2011

Take action and discover your vulnerabilities