Apache Tomcat mod_jk Invalid Transfer-Encoding Chunked Field DoS

Medium Nessus Plugin ID 11519


The remote web server module has a denial of service vulnerability.


According to the banner, the remote host is using a vulnerable version of the Apache mod_jk module. Such versions have a bug that could allow a remote attacker to use chunked encoding requests to desynchronize Apache and Tomcat, and therefore prevent the remote web server from working properly.


Upgrade to mod_jk 1.2.1 or later.


Plugin Details

Severity: Medium

ID: 11519

File Name: mod_jk_chunked_encoding_dos.nasl

Version: $Revision: 1.20 $

Type: remote

Family: Web Servers

Published: 2003/04/04

Modified: 2016/11/18

Dependencies: 10107, 10386, 17975

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2002/12/04

Reference Information

CVE: CVE-2002-2272

BID: 6320

OSVDB: 7394, 34398

CWE: 119