Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-0033
Last Modified: 04 Dec 2013 06:19:36
Published: 05 Jun 2009 12:00:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0033

Summary

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

Vulnerable Systems

Application

  • Apache Tomcat 4.1.0

  • Apache Tomcat 4.1.1

  • Apache Tomcat 4.1.10

  • Apache Tomcat 4.1.11

  • Apache Tomcat 4.1.12

  • Apache Tomcat 4.1.13

  • Apache Tomcat 4.1.14

  • Apache Tomcat 4.1.15

  • Apache Tomcat 4.1.16

  • Apache Tomcat 4.1.17

  • Apache Tomcat 4.1.18

  • Apache Tomcat 4.1.19

  • Apache Tomcat 4.1.2

  • Apache Tomcat 4.1.20

  • Apache Tomcat 4.1.21

  • Apache Tomcat 4.1.22

  • Apache Tomcat 4.1.23

  • Apache Tomcat 4.1.24

  • Apache Tomcat 4.1.25

  • Apache Tomcat 4.1.26

  • Apache Tomcat 4.1.27

  • Apache Tomcat 4.1.28

  • Apache Tomcat 4.1.29

  • Apache Tomcat 4.1.3

  • Apache Tomcat 4.1.30

  • Apache Tomcat 4.1.31

  • Apache Tomcat 4.1.32

  • Apache Tomcat 4.1.33

  • Apache Tomcat 4.1.34

  • Apache Tomcat 4.1.35

  • Apache Tomcat 4.1.36

  • Apache Tomcat 4.1.37

  • Apache Tomcat 4.1.38

  • Apache Tomcat 4.1.39

  • Apache Tomcat 4.1.4

  • Apache Tomcat 4.1.5

  • Apache Tomcat 4.1.6

  • Apache Tomcat 4.1.7

  • Apache Tomcat 4.1.8

  • Apache Tomcat 4.1.9

  • Apache Tomcat 5.5.0

  • Apache Tomcat 5.5.1

  • Apache Tomcat 5.5.10

  • Apache Tomcat 5.5.11

  • Apache Tomcat 5.5.12

  • Apache Tomcat 5.5.13

  • Apache Tomcat 5.5.14

  • Apache Tomcat 5.5.15

  • Apache Tomcat 5.5.16

  • Apache Tomcat 5.5.17

  • Apache Tomcat 5.5.18

  • Apache Tomcat 5.5.19

  • Apache Tomcat 5.5.2

  • Apache Tomcat 5.5.20

  • Apache Tomcat 5.5.21

  • Apache Tomcat 5.5.22

  • Apache Tomcat 5.5.23

  • Apache Tomcat 5.5.24

  • Apache Tomcat 5.5.25

  • Apache Tomcat 5.5.26

  • Apache Tomcat 5.5.27

  • Apache Tomcat 5.5.3

  • Apache Tomcat 5.5.4

  • Apache Tomcat 5.5.5

  • Apache Tomcat 5.5.6

  • Apache Tomcat 5.5.7

  • Apache Tomcat 5.5.8

  • Apache Tomcat 5.5.9

  • Apache Tomcat 6.0.0

  • Apache Tomcat 6.0.1

  • Apache Tomcat 6.0.10

  • Apache Tomcat 6.0.11

  • Apache Tomcat 6.0.12

  • Apache Tomcat 6.0.13

  • Apache Tomcat 6.0.14

  • Apache Tomcat 6.0.15

  • Apache Tomcat 6.0.16

  • Apache Tomcat 6.0.2

  • Apache Tomcat 6.0.3

  • Apache Tomcat 6.0.4

  • Apache Tomcat 6.0.5

  • Apache Tomcat 6.0.6

  • Apache Tomcat 6.0.7

  • Apache Tomcat 6.0.8

  • Apache Tomcat 6.0.9


References

VUPEN - ADV-2009-1496

BID - 35193

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://tomcat.apache.org/security-5.html

CONFIRM - http://tomcat.apache.org/security-4.html

CONFIRM - http://svn.apache.org/viewvc?rev=781362&view=rev

CONFIRM - http://svn.apache.org/viewvc?rev=742915&view=rev

FEDORA - FEDORA-2009-11356

FEDORA - FEDORA-2009-11352

FEDORA - FEDORA-2009-11374

XF - tomcat-ajp-dos(50928)

VUPEN - ADV-2010-3056

VUPEN - ADV-2009-3316

VUPEN - ADV-2009-1856

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2009-0016.html

BUGTRAQ - 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components

BUGTRAQ - 20090603 [SECURITY] CVE-2009-0033 Apache Tomcat DoS when using Java AJP connector

MANDRIVA - MDVSA-2010:176

MANDRIVA - MDVSA-2009:138

MANDRIVA - MDVSA-2009:136

DEBIAN - DSA-2207

CONFIRM - http://support.apple.com/kb/HT4077

SUNALERT - 263529

SECTRACK - 1022331

SECUNIA - 42368

SECUNIA - 37460

SECUNIA - 35788

SECUNIA - 35685

SECUNIA - 35344

SECUNIA - 35326

HP - SSRT100203

SUSE - SUSE-SR:2009:012

APPLE - APPLE-SA-2010-03-29-1

JVN - JVN#87272440

HP - SSRT101146

HP - HPSBUX02860

HP - HPSBUX02579


Last Updated: 27 May 2016 11:02:36