CVE-2009-0033
CVE-2009-0033
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://jvn.jp/en/jp/JVN87272440/index.htmlhttp://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlhttp://marc.info/?l=bugtraq&m=127420533226623&w=2http://marc.info/?l=bugtraq&m=129070310906557&w=2http://marc.info/?l=bugtraq&m=133469267822771&w=2http://marc.info/?l=bugtraq&m=136485229118404&w=2http://secunia.com/advisories/35326http://secunia.com/advisories/35344http://secunia.com/advisories/35685http://secunia.com/advisories/35788http://secunia.com/advisories/37460