Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0866 — Uncontrolled Resource Consumption in Apache Tomcat

CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

20.4%

top 4.45%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apache Tomcat

Timeline

PublishedNov 17

Latest updateApr 29

Description

The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/tomcat7 versions+6

Patches

Patch: bugs.debian.org ↗Patch: www.debian.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

OSV

Apache Tomcat Denial of Service vulnerability in the Catalina package↗2022-04-29

▶

GHSA

Apache Tomcat Denial of Service vulnerability in the Catalina package↗2022-04-29

▶

CVEList

CVE-2003-0866: The Catalina org↗2003-10-17

▶

💥Exploits & PoCs

Exploit-DB

Apache Tomcat 4.0.x - Non-HTTP Request Denial of Service↗2003-10-15

▶

💬Community

Bugzilla

A number of tomcat issues↗2007-05-09

▶