PT-2002-2617 · Apache+1 · Ajp1.3 Connector+3

Published

2002-12-31

Updated

2019-03-25

CVE-2002-1895

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Jakarta Apache Tomcat versions 3.3 through 4.0.4

Description The issue allows remote attackers to cause a denial of service via a large number of HTTP GET requests for an MS-DOS device. This problem is specific to configurations using IIS in conjunction with Tomcat and the AJP1.3 connector.

Recommendations For Jakarta Apache Tomcat versions 3.3 through 4.0.4, update to version 4.1.10 or later to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2002-1895

Affected Products

Ajp1.3 Connector

Apache Tomcat

Iis

Jakarta Apache Tomcat

PT-2002-2617 · Apache+1 · Ajp1.3 Connector+3

CVE-2002-1895

Related Identifiers

Affected Products

References · 9