Apache · Apache Tomcat · CVE-2003-0866
**Name of the Vulnerable Software and Affected Versions**
Tomcat versions 4.0.0 through 4.0.3
Tomcat versions 4.0.4 through 4.0.6
**Description**
The issue allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests. A malformed HTTP request can cause the request processing thread to become unresponsive. A sequence of such requests will cause all request processing threads, and hence Tomcat as a whole, to become unresponsive.
**Recommendations**
For Tomcat versions 4.0.0 through 4.0.3, update to a version outside of this range to mitigate the risk.
For Tomcat versions 4.0.4 through 4.0.6, update to a version outside of this range to mitigate the risk.
As a temporary workaround, consider restricting access to the `org.apache.catalina.connector.http` package to minimize the risk of exploitation.
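To apply the version ranges above across an inventory, the following added example (not part of the original advisory) classifies Tomcat banner strings against the two affected ranges. The hostnames, banner strings, and function names are constructed for illustration, and the check assumes that only the numeric version components matter, so a suffix such as `-b3` is ignored.

```python
import re

# Affected ranges exactly as listed in the advisory (inclusive bounds).
AFFECTED_RANGES = [((4, 0, 0), (4, 0, 3)), ((4, 0, 4), (4, 0, 6))]

# Matches "Tomcat/4.0.4" or "Tomcat 4.0.4"; anything after the digits is ignored.
_VERSION_RE = re.compile(r"Tomcat[/ ](\d+(?:\.\d+){0,2})", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, patch) from a banner or inventory string, or None."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # "4.0" is treated as 4.0.0
    return tuple(parts)

def affected_range(text):
    """Return the matching (low, high) range, or None if outside both or unparseable."""
    version = parse_version(text)
    if version is None:
        return None
    for low, high in AFFECTED_RANGES:
        if low <= version <= high:  # element-wise tuple comparison, so 4.0.10 > 4.0.6
            return (low, high)
    return None

def triage(inventory):
    """Map each host to 'affected', 'not affected', or 'unknown'."""
    result = {}
    for host, banner in inventory.items():
        if parse_version(banner) is None:
            result[host] = "unknown"  # hidden or non-Tomcat banner is not proof of safety
        elif affected_range(banner):
            result[host] = "affected"
        else:
            result[host] = "not affected"
    return result

# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = {
    "app01.example.test": "Apache Tomcat/4.0.3",
    "app02.example.test": "Apache Tomcat/4.0.6",
    "app03.example.test": "Apache Tomcat/4.1.24",
    "app04.example.test": "nginx",
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as `unknown` need a check of the installed package itself, since a missing or rewritten banner says nothing about the version behind it.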