CVE-2007-6286

Properties

Published:
10.02.2008
Updated:
30.06.2009
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Product:
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat
apache: tomcat

Vulnerability description

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

References:

FEDORA: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
FEDORA: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
CONFIRM: http://www.vmware.com/security/advisories/VMSA-2008-0010.html
BID: http://www.securityfocus.com/bid/31681
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/487823/100/0/threaded
MANDRIVA: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
VUPEN: http://www.frsirt.com/english/advisories/2008/2780
VUPEN: http://www.frsirt.com/english/advisories/2008/1856/references
VUPEN: http://www.frsirt.com/english/advisories/2008/0488
CONFIRM: http://tomcat.apache.org/security-6.html
CONFIRM: http://tomcat.apache.org/security-5.html
CONFIRM: http://support.apple.com/kb/HT3216
SREASON: http://securityreason.com/securityalert/3637
GENTOO: http://security.gentoo.org/glsa/glsa-200804-10.xml
SECUNIA: http://secunia.com/advisories/32222
SECUNIA: http://secunia.com/advisories/30676
SECUNIA: http://secunia.com/advisories/29711
SECUNIA: http://secunia.com/advisories/28915
SECUNIA: http://secunia.com/advisories/28878
SUSE: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
APPLE: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html