PT-2003-1925 · Apache · Apache Tomcat

Aldrin Martoq · Published 2003-10-17 · Updated 2022-04-29 · CVE-2003-0866

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

Tomcat versions 4.0.0 through 4.0.3
Tomcat versions 4.0.4 through 4.0.6

Description

The issue allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests. A malformed HTTP request can cause the request processing thread to become unresponsive. A sequence of such requests will cause all request processing threads, and hence Tomcat as a whole, to become unresponsive.

Recommendations

For Tomcat versions 4.0.0 through 4.0.3, update to a version outside of this range to mitigate the risk. For Tomcat versions 4.0.4 through 4.0.6, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the org.apache.catalina.connector.http package to minimize the risk of exploitation.


Weakness Enumeration

Resource Exhaustion

Related Identifiers

CVE-2003-0866
DSA-395
GHSA-7WJ2-48C4-2684

Affected Products

Apache Tomcat