If Tomcat receives a request with invalid headers via the Java AJP connector, it does not return an error response and instead closes the AJP connection. If this connector is a member of a mod_jk load-balancing worker, that member is put into an error state and is blocked from use for approximately one minute. This behaviour can therefore be used for a denial of service attack using a carefully crafted request.
Patchset for tomcat6: http://svn.apache.org/viewvc?view=rev&revision=742915
Patchset for tomcat5: http://svn.apache.org/viewvc?view=rev&revision=781362
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:1164 https://rhn.redhat.com/errata/RHSA-2009-1164.html

This issue has been addressed in the following products:
JBEWS 1.0.0 for RHEL 4
JBEWS 1.0.0 for RHEL 5
Via RHSA-2009:1454 https://rhn.redhat.com/errata/RHSA-2009-1454.html

This issue has been addressed in the following products:
JBEWS 1.0.0 for RHEL 5
JBEWS 1.0.0 for RHEL 4
Via RHSA-2009:1506 https://rhn.redhat.com/errata/RHSA-2009-1506.html

This issue has been addressed in the following products:
RHAPS Version 2 for RHEL 4
Via RHSA-2009:1562 https://rhn.redhat.com/errata/RHSA-2009-1562.html

This issue has been addressed in the following products:
Red Hat Developer Suite V.3
Via RHSA-2009:1563 https://rhn.redhat.com/errata/RHSA-2009-1563.html

This issue has been addressed in the following products:
Red Hat Network Satellite Server v 5.2
Red Hat Network Satellite Server v 5.3
Via RHSA-2009:1616 https://rhn.redhat.com/errata/RHSA-2009-1616.html

This issue has been addressed in the following products:
Red Hat Network Satellite Server v 5.1
Via RHSA-2009:1617 https://rhn.redhat.com/errata/RHSA-2009-1617.html

This issue has been addressed in the following products:
Red Hat Certificate System 7.3
Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html
All child bugs are closed, closing parent bug.