73724 – Tomcat HTTP server DoS vulnerability

Bug 73724 - Tomcat HTTP server DoS vulnerability

Summary: Tomcat HTTP server DoS vulnerability

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Stronghold Cross Platform
Classification:	Retired
Component:	tomcat
Sub Component:
Version:	4.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Gary Benson
QA Contact:	Stronghold Engineering List
Docs Contact:
URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-09-09 15:33 UTC by Gary Benson
Modified:	2007-04-18 16:46 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2002-11-07 17:41:12 UTC
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2002:217	0	normal	SHIPPED_LIVE	Important: tomcat security update for Stronghold	2002-09-30 04:00:00 UTC
Red Hat Product Errata	RHSA-2002:218	0	normal	SHIPPED_LIVE	Important: tomcat security update for Stronghold	2002-09-30 04:00:00 UTC

Description Gary Benson 2002-09-09 15:33:40 UTC

Tomcat 4.0.3 is vulnerable to CAN-2002-0935, whereby remote attackers can cause
a denial of service by sending a number of specially crafted requests to the
server.   Stronghold is not vulnerable in the default configuration, but it is
vulnerable if the user enables the Tomcat-Standalone service.

Comment 1 Joe Orton 2002-11-07 17:41:12 UTC

An errata has been issued which should help the problem described in this bug report. 
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen 
this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2002-218.html

Note You need to log in before you can comment on or make changes to this bug.