Apache Tomcat Remote Malformed Request Denial Of Service Vulnerability

BID:12795

Info

Bugtraq ID: 12795
Class: Failure to Handle Exceptional Conditions
CVE:
Remote: Yes
Local: No
Published: Mar 14 2005 12:00AM
Updated: Mar 14 2005 12:00AM
Credit: The individual or individuals responsible for the discovery of this issue are currently unknown. The Hitachi Incident Response Team disclosed this issue.
Vulnerable: Hitachi Cosminexus Server Component Container for Java 02-00-/L
Hitachi Cosminexus Server Component Container for Java 02-00
Hitachi Cosminexus Server Component Container 02-00-/L
Hitachi Cosminexus Server Component Container 02-00
Hitachi Cosminexus Portal Framework 01-00-/A
Apache Tomcat 3.3.1 a
Apache Tomcat 3.3.1
Apache Tomcat 3.3
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 3.2.4
Apache Tomcat 3.2.3
Apache Tomcat 3.2.2 beta2
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 3.2.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- HP Secure OS software for Linux 1.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 3.2
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 3.1.1
Apache Tomcat 3.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 3.0
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Not Vulnerable: Apache Tomcat 5.5.8
Apache Tomcat 5.5.7
Apache Tomcat 5.5.6
Apache Tomcat 5.5.5
Apache Tomcat 5.5.4
Apache Tomcat 5.5.3
Apache Tomcat 5.5.2
Apache Tomcat 5.5.1
Apache Tomcat 5.5
Apache Tomcat 5.0.30
Apache Tomcat 5.0
Apache Tomcat 4.1.24
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Tomcat 4.1.12
Apache Tomcat 4.1.10
Apache Tomcat 4.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.3
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.5
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 3.3
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 4.0.6
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Tomcat 4.0.5
+ Redhat Stronghold 4.0
Apache Tomcat 4.0.4
Apache Tomcat 4.0.3
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
Apache Tomcat 4.0.2
Apache Tomcat 4.0.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 3.3
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Tomcat 4.0
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- Redhat Linux 6.2 i386
- Redhat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0

Discussion

A remote denial of service vulnerability affects Apache Tomcat. This issue is due to a failure of the application to properly handle malformed requests.

An attacker may leverage this issue to trigger a denial of service condition in the affected software.

Exploit / POC

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Solution:
An upgrade is available that is not vulnerable to this issue.


Apache Tomcat 3.0
Apache Tomcat 3.1
Apache Tomcat 3.1.1
Apache Tomcat 3.2
Apache Tomcat 3.2.1
Apache Tomcat 3.2.2 beta2
Apache Tomcat 3.2.3
Apache Tomcat 3.2.4
Apache Tomcat 3.3
Apache Tomcat 3.3.1
Apache Tomcat 3.3.1 a
