CVE-2003-0866
published 2003-11-17CVE-2003-0866: The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests…
PriorityP425medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
32.66%
98.1th percentile
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Apache Tomcat Denial of Service vulnerability in the Catalina package
osv·2022-04-29
CVE-2003-0866 [MEDIUM] Apache Tomcat Denial of Service vulnerability in the Catalina package
Apache Tomcat Denial of Service vulnerability in the Catalina package
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.6 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
GHSA
Apache Tomcat Denial of Service vulnerability in the Catalina package
ghsa·2022-04-29
CVE-2003-0866 [MEDIUM] CWE-400 Apache Tomcat Denial of Service vulnerability in the Catalina package
Apache Tomcat Denial of Service vulnerability in the Catalina package
The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.6 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
No detection rules found.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506http://secunia.com/advisories/30899http://secunia.com/advisories/30908http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1http://tomcat.apache.org/security-4.htmlhttp://www.debian.org/security/2003/dsa-395http://www.securityfocus.com/bid/8824http://www.vupen.com/english/advisories/2008/1979/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/13429https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Ehttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=215506http://secunia.com/advisories/30899http://secunia.com/advisories/30908http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1http://tomcat.apache.org/security-4.htmlhttp://www.debian.org/security/2003/dsa-395http://www.securityfocus.com/bid/8824http://www.vupen.com/english/advisories/2008/1979/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/13429https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
2003-11-17
Published