Vulnerabilities > CVE-2003-0866 - Unspecified vulnerability in Apache Tomcat

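CVSS 0.0 - NONE (every metric listed below is UNKNOWN, so this reads as "no score recorded on this page" rather than a measured zero severity; the Nessus plugins further down carry the CVSS2 vector AV:N/AC:L/Au:N/C:N/I:N/A:P)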
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
apache
nessus
exploit available

Summary

The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.

Exploit-Db

description: Apache Tomcat 4.0.x Non-HTTP Request Denial Of Service Vulnerability. CVE-2003-0866. DoS exploit for Linux platform
id: EDB-ID:23245
last seen: 2016-02-02
modified: 2003-10-15
published: 2003-10-15
reporter: Oliver Karow
source: https://www.exploit-db.com/download/23245/
title: Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service Vulnerability

Nessus

  • NASL family: Web Servers
    NASL id: TOMCAT_4_1_0.NASL
    description: According to its self-reported version number, the instance of Apache Tomcat 4.x listening on the remote host is prior to 4.1.0. It is, therefore, affected by multiple vulnerabilities: - An error exists in the handling of malformed packets that can cause the processing thread to become unresponsive. A sequence of such requests can cause all threads to become unresponsive. (CVE-2003-0866) - Two example servlets, … (truncated here; the full text is in the plugin code below)
    last seen: 2020-03-18
    modified: 2010-11-04
    plugin id: 50475
    published: 2010-11-04
    reporter: This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/50475
    title: Apache Tomcat 4.x < 4.1.0 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Description pass: when `description` is set, register this plugin's
    # metadata (ids, text, scoring, dependencies) and exit before the version
    # check further down is reached.
    if (description)
    {
      script_id(50475);
      script_version("1.18");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/11");
    
      # Two CVE ids are registered. The description text below also lists a
      # cross-site scripting issue for which no CVE id is given in this block.
      script_cve_id("CVE-2003-0866", "CVE-2002-2006");
      script_bugtraq_id(4575, 5542, 8824);
    
      script_name(english:"Apache Tomcat 4.x < 4.1.0 Multiple Vulnerabilities");
      script_summary(english:"Checks the Apache Tomcat version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Apache Tomcat server is affected by multiple
    vulnerabilities.");
      # The final paragraph of this text is the key caveat for triage: the
      # finding rests on the self-reported version number, not on a test of
      # the issues themselves.
      script_set_attribute(attribute:"description", value:
    "According to its self-reported version number, the instance of Apache
    Tomcat 4.x listening on the remote host is prior to 4.1.0. It is,
    therefore, affected by multiple vulnerabilities :
    
      - An error exists in the handling of malformed packets
        that can cause the processing thread to become
        unresponsive. A sequence of such requests can cause all
        threads to become unresponsive. (CVE-2003-0866)
    
      - Two example servlets, 'snoop' and a troubleshooting
        servlet, disclose the Apache Tomcat installation path.
        (CVE-2002-2006)
    
      - It has also been reported that this version of Tomcat
        is affected by a cross-site scripting vulnerability.
        The contents of a request URL are not sanitized before
        being returned to the browser should an error occur.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"http://tomcat.apache.org/security-4.html#Fixed_in_Apache_Tomcat_4.1.0");
      script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2002/Apr/322");
      script_set_attribute(attribute:"solution", value:"Upgrade to Apache Tomcat version 4.1.0 or later.");
      # Both base vectors are network-reachable with no authentication or
      # privileges and an availability-only impact (C:N/I:N). The score source
      # is CVE-2003-0866, so the path disclosure and XSS items described above
      # are not reflected in the confidentiality or integrity metrics.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2003-0866");
    
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # NOTE(review): 20, 74 and 79 are weakness ids (input validation,
      # injection, XSS); the remaining ids look like CWE view/category entries
      # rather than weaknesses -- confirm before using this list for triage.
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      # NOTE(review): 2002/04/22 lines up with the 2002/Apr bugtraq link in
      # see_also; confirm it is also the intended date for CVE-2003-0866.
      script_set_attribute(attribute:"vuln_publication_date", value:"2002/04/22");
      script_set_attribute(attribute:"patch_publication_date", value:"2002/08/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/11/04");
    
      script_set_attribute(attribute:"plugin_type", value:"combined");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:apache:tomcat");
      script_set_attribute(attribute:"agent", value:"all");
      script_end_attributes();
    
      # Registered in the information-gathering category, consistent with the
      # description's statement that the issues themselves are not tested.
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2010-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The plugin requires the KB key "installed_sw/Apache Tomcat";
      # presumably one of the three dependencies below sets it -- confirm.
      script_dependencies("tomcat_error_version.nasl", "tomcat_win_installed.nbin", "apache_tomcat_nix_installed.nbin");
      script_require_keys("installed_sw/Apache Tomcat");
    
      # End of the description pass.
      exit(0);
    }
    
    # tomcat_check_version() is not defined in this script; presumably it comes
    # from the include below -- confirm.
    include("tomcat_version.inc");
    
    # Version-only check: the whole decision is delegated to the helper with a
    # fixed version of 4.1.0 and a minimum of 4.0.0, reported at warning
    # severity with the xss flag set. Presumably versions from 4.0.0 up to,
    # but not including, 4.1.0 are flagged -- confirm against the include.
    tomcat_check_version(
      fixed:"4.1.0",
      min:"4.0.0",
      severity:SECURITY_WARNING,
      xss:TRUE,
      granularity_regex:"^4$"
    );
    
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-395.NASL
    description: Aldrin Martoq has discovered a denial of service (DoS) vulnerability in Apache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat … (truncated here; the full text is in the plugin code below)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 15232
    published: 2004-09-29
    reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/15232
    title: Debian DSA-395-1 : tomcat4 - incorrect input handling
    code:
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-395. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Description pass: when `description` is set, register the metadata for
    # the DSA-395 package check and exit before the package comparison runs.
    if (description)
    {
      script_id(15232);
      script_version("1.20");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      script_cve_id("CVE-2003-0866");
      script_bugtraq_id(8824);
      script_xref(name:"DSA", value:"395");
    
      script_name(english:"Debian DSA-395-1 : tomcat4 - incorrect input handling");
      # Per this summary, the finding comes from dpkg output, not from
      # probing the Tomcat service.
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Aldrin Martoq has discovered a denial of service (DoS) vulnerability
    in Apache Tomcat 4.0.x. Sending several non-HTTP requests to Tomcat's
    HTTP connector makes Tomcat reject further requests on this port until
    it is restarted."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2003/dsa-395"
      );
      # The solution text asks for a Tomcat restart as well as the package
      # upgrade.
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the tomcat4 packages and restart the tomcat server.
    
    For the current stable distribution (woody) this problem has been
    fixed in version 4.0.3-3woody3."
      );
      # Network-reachable, no authentication, availability-only impact
      # (C:N/I:N/A:P).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # Declared as a local check; the only OS CPE listed is Debian 3.0.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:tomcat4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2003/10/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_set_attribute(attribute:"vuln_publication_date", value:"2003/10/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      # Requires local checks to be enabled plus the Debian release and dpkg
      # listing KB keys; presumably ssh_get_info.nasl populates them -- confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      # End of the description pass.
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions: local checks must be enabled and the knowledge base must
    # hold a Debian release and a dpkg listing; otherwise audit out with the
    # matching reason.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Compare each tomcat4 package on release 3.0 against 4.0.3-3woody3.
    # deb_check() is called for all three packages, in the original order,
    # with no short-circuit, and every hit is counted.
    flag = 0;
    foreach affected_pkg (make_list("libtomcat4-java", "tomcat4", "tomcat4-webapps"))
    {
      if (deb_check(release:"3.0", prefix:affected_pkg, reference:"4.0.3-3woody3")) flag++;
    }
    
    if (!flag)
    {
      # No package matched: record the host as not affected.
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # At least one package matched: raise a warning on port 0, attaching the
      # deb_report_get() text only when report verbosity is above zero.
      if (report_verbosity > 0)
        security_warning(port:0, extra:deb_report_get());
      else
        security_warning(0);
      exit(0);
    }