CERTA-2003-AVI-164
Vulnerability from certfr_avis

Une vulnérabilité dans le serveur Apache Tomcat permet à un utilisateur mal intentionné de réaliser un déni de service.

Description

Apache Tomcat est un serveur web mettant en oeuvre les technologies Sun Java Servlet et Sun Java Server Pages. Un utilisateur mal intentionné peut envoyer des requêtes habilement constituées pour créer un déni de service et obliger à redémarrer le serveur.

Solution

Mettre à jour Apache Tomcat (voir section Documentation) et redémarrer le serveur Apache Tomcat.

Toutes les versions de Apache Tomcat de la série 4.0. Les versions de Apache Tomcat des séries 3.0, 3.1, 3.2, 3.3, 4.1 et 5.0 ne sont pas affectées.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eToutes les versions de Apache Tomcat de  la s\u00e9rie 4.0. Les versions de Apache Tomcat des s\u00e9ries 3.0, 3.1,  3.2, 3.3, 4.1 et 5.0 ne sont pas affect\u00e9es.\u003c/p\u003e",
  "content": "## Description\n\nApache Tomcat est un serveur web mettant en oeuvre les technologies Sun\nJava Servlet et Sun Java Server Pages. Un utilisateur mal intentionn\u00e9\npeut envoyer des requ\u00eates habilement constitu\u00e9es pour cr\u00e9er un d\u00e9ni de\nservice et obliger \u00e0 red\u00e9marrer le serveur.\n\n## Solution\n\nMettre \u00e0 jour Apache Tomcat (voir section Documentation) et red\u00e9marrer\nle serveur Apache Tomcat.\n",
  "cves": [],
  "initial_release_date": "2003-10-16T00:00:00",
  "last_revision_date": "2003-10-16T00:00:00",
  "links": [
    {
      "title": "Site internet de Apache Tomcat :",
      "url": "http://jakarta.apache.org/tomcat"
    }
  ],
  "reference": "CERTA-2003-AVI-164",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-10-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le serveur Apache Tomcat permet \u00e0 un utilisateur\nmal intentionn\u00e9 de r\u00e9aliser un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Apache Tomcat 4.x",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 GNU/Linux Debian DSA 395-1",
      "url": "http://www.debian.org/security/2003/dsa-395"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.