Detections
Analytics
CVE-2007-6286
medium
Description
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
References
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
http://www.vupen.com/english/advisories/2009/3316
http://www.vupen.com/english/advisories/2008/2780
http://www.vupen.com/english/advisories/2008/1856/references
http://www.vupen.com/english/advisories/2008/0488
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.securityfocus.com/bid/31681
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/487823/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-5.html
http://support.apple.com/kb/HT3216
http://securityreason.com/securityalert/3637
http://security.gentoo.org/glsa/glsa-200804-10.xml
http://secunia.com/advisories/57126
http://secunia.com/advisories/37460
http://secunia.com/advisories/32222
http://secunia.com/advisories/30676
http://secunia.com/advisories/29711
http://secunia.com/advisories/28915
http://secunia.com/advisories/28878
http://marc.info/?l=bugtraq&m=139344343412337&w=2
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html