PT-2002-1944 · Apache · Apache Tomcat

Published: 2002-10-04 · Updated: 2022-04-30 · CVE-2002-0935

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions prior to 4.1.3 beta
Description: The issue allows remote attackers to cause a denial of service, resulting in resource exhaustion. This occurs when a large number of requests containing null characters are sent to the server, causing the working threads to hang. A malformed HTTP request can also render the request processing thread unresponsive, and a sequence of such requests can cause all request processing threads, and hence the server as a whole, to become unresponsive.
Recommendations: For Apache Tomcat versions prior to 4.1.3 beta, update to version 4.1.3 beta or later to resolve the issue. As a temporary workaround, consider restricting the number of concurrent requests to the server to minimize the risk of exploitation. Additionally, monitoring server resources and implementing measures to prevent excessive resource utilization can help mitigate the impact of this issue.

Fix

Resource Exhaustion


Weakness Enumeration

Related identifiers

CVE-2002-0935
GHSA-XMF4-J3J7-XJ7Q

Affected products

Apache Tomcat