CVE-2007-6286

Published Feb 12, 2008

Last updated a year ago

CVSS info 4.3

Overview

Description: Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Vendor comments

Red HatNot Vulnerable. Red Hat does not ship a version of Apache Tomcat that enables the native APR connector.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F5CF79C-759B-4FF9-90EE-847264059E93"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "357651FD-392E-4775-BF20-37A23B3ABAE4"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "585B9476-6B86-4809-9B9E-26112114CB59"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6145036D-4FCE-4EBE-A137-BDFA69BA54F8"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E437055A-0A81-413F-AB08-0E9D0DC9EA30"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9276A093-9C98-4617-9941-2276995F5848"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97C9C36C-EF7E-4D42-9749-E2FF6CE35A2E"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C98575E2-E39A-4A8F-B5B5-BD280B8367BC"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5BDA08E7-A417-44E8-9C89-EB22BEEC3B9E"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCD1B6BE-CF07-4DA8-A703-4A48506C8AD6"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5878E08E-2741-4798-94E9-BA8E07386B12"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69F6BAB7-C099-4345-A632-7287AEA555B2"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3AAF031-D16B-4D51-9581-2D1376A5157B"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51120689-F5C0-4DF1-91AA-314C40A46C58"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F67477AB-85F6-421C-9C0B-C8EFB1B200CF"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "49E3C039-A949-4F1B-892A-57147EECB249"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F28C7801-41B9-4552-BA1E-577967BCBBEE"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25B21085-7259-4685-9D1F-FF98E6489E10"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "635EE321-2A1F-4FF8-95BE-0C26591969D9"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A81B035-8598-4D2C-B45F-C6C9D4B10C2F"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1096947-82A6-4EA8-A4F2-00D91E3F7DAF"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0EBFA1D3-16A6-4041-BB30-51D2EE0F2AF4"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B70B372F-EFFD-4AF7-99B5-7D1B23A0C54C"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C95ADA4-66F5-45C4-A677-ACE22367A75A"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11951A10-39A2-4FF5-8C43-DF94730FB794"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "351E5BCF-A56B-4D91-BA3C-21A4B77D529A"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DC2BBB4-171E-4EFF-A575-A5B7FF031755"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B6B0504-27C1-4824-A928-A878CBBAB32D"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE81AD36-ACD1-4C6C-8E7C-5326D1DA3045"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D903956B-14F5-4177-AF12-0A5F1846D3C4"
          },
          {
            "criteria": "cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81F847DC-A2F5-456C-9038-16A0E85F4C3B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References