
tomcat4 -- incorrect input handling

Debian Security Advisory

DSA-395-1 tomcat4 -- incorrect input handling

Date Reported: 15 Oct 2003
Affected Packages: tomcat4
Vulnerable: Yes
Security database references: In Mitre's CVE dictionary: CAN-2003-0866.
More information:

Aldrin Martoq has discovered a denial of service (DoS) vulnerability in Apache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's HTTP connector makes Tomcat reject further requests on this port until it is restarted.

For the current stable distribution (woody) this problem has been fixed in version 4.0.3-3woody3.

For the unstable distribution (sid) this problem does not exist in the current version 4.1.24-2.

We recommend that you upgrade your tomcat4 packages and restart the tomcat server.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Source:
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3.dsc
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3.diff.gz
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3.orig.tar.gz
Architecture-independent component:
http://security.debian.org/pool/updates/contrib/t/tomcat4/libtomcat4-java_4.0.3-3woody3_all.deb
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4-webapps_4.0.3-3woody3_all.deb
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3_all.deb

MD5 checksums of the listed files are available in the original advisory.

