Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-6286
Last Modified 15 Mar 2014 11:20:28
Published 11 Feb 2008 08:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6286

Summary

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

Vulnerable Systems

Application

  • Apache Tomcat 5.5.11

  • Apache Tomcat 5.5.12

  • Apache Tomcat 5.5.13

  • Apache Tomcat 5.5.14

  • Apache Tomcat 5.5.15

  • Apache Tomcat 5.5.16

  • Apache Tomcat 5.5.17

  • Apache Tomcat 5.5.18

  • Apache Tomcat 5.5.19

  • Apache Tomcat 5.5.20

  • Apache Tomcat 5.5.21

  • Apache Tomcat 5.5.22

  • Apache Tomcat 5.5.23

  • Apache Tomcat 5.5.24

  • Apache Tomcat 5.5.25

  • Apache Tomcat 6.0.0

  • Apache Tomcat 6.0.1

  • Apache Tomcat 6.0.10

  • Apache Tomcat 6.0.11

  • Apache Tomcat 6.0.12

  • Apache Tomcat 6.0.13

  • Apache Tomcat 6.0.14

  • Apache Tomcat 6.0.15

  • Apache Tomcat 6.0.2

  • Apache Tomcat 6.0.3

  • Apache Tomcat 6.0.4

  • Apache Tomcat 6.0.5

  • Apache Tomcat 6.0.6

  • Apache Tomcat 6.0.7

  • Apache Tomcat 6.0.8

  • Apache Tomcat 6.0.9


References

FEDORA - FEDORA-2008-1603

FEDORA - FEDORA-2008-1467

VUPEN - ADV-2009-3316

VUPEN - ADV-2008-2780

VUPEN - ADV-2008-1856

VUPEN - ADV-2008-0488

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0010.html

BID - 31681

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

BUGTRAQ - 20080208 [SECURITY] CVE-2007-6286: Tomcat duplicate request processing vulnerability

MANDRIVA - MDVSA-2009:136

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://tomcat.apache.org/security-5.html

CONFIRM - http://support.apple.com/kb/HT3216

SREASON - 3637

GENTOO - GLSA-200804-10

SECUNIA - 37460

SECUNIA - 32222

SECUNIA - 30676

SECUNIA - 29711

SECUNIA - 28915

SECUNIA - 28878

SUSE - SUSE-SR:2009:004

APPLE - APPLE-SA-2008-10-09

HP - HPSBST02955

SECUNIA - 57126

Related Patches

Apple 2008-10-09 Security Update 2008-007 Server (Leopard)


Last Updated: 27 May 2016 11:04:35