CVE-2009-0033Improper Input Validation in Apache Tomcat

CWE-20Improper Input ValidationCWE-400Uncontrolled Resource Consumption8 documents7 sources
Severity
5.0MEDIUMNVD
EPSS
13.8%
top 5.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedJun 5
Latest updateMay 2

Description

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat85 versions+84

Patches

Patch: svn.apache.orgPatch: svn.apache.orgPatch: tomcat.apache.org

🔴Vulnerability Details

3
OSV
Apache Tomcat Denial of Service via Malformed Request Headers2022-05-02
GHSA
Apache Tomcat Denial of Service via Malformed Request Headers2022-05-02
CVEList
CVE-2009-0033: Apache Tomcat 42009-06-05

📋Vendor Advisories

2
Ubuntu
Tomcat vulnerabilities2009-06-15
Red Hat
tomcat6 Denial-Of-Service with AJP connection2009-06-03

💬Community

2
Bugzilla
CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2008-5515 CVE-2009-0781 Multiple tomcat5 vulnerabilities [Fedora all]2009-11-09
Bugzilla
CVE-2009-0033 tomcat6 Denial-Of-Service with AJP connection2009-04-01
CVE-2009-0033 — Improper Input Validation in Apache | cvebase