Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0935

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0935
Last Modified 05 Sep 2008 04:29:20
Published 04 Oct 2002 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0935

Summary

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.

Vulnerable Systems

Application

  • Apache Tomcat 4.0.3


References

BID - 5067

XF - tomcat-null-thread-dos(9396)

OSVDB - 5051

BUGTRAQ - 20020620 KPMG-2002025: Apache Tomcat Denial of Service

VULNWATCH - 20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service


Last Updated: 27 May 2016 10:37:08