Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS
Medium Nessus Plugin ID 17322
Synopsis
The remote AJP connector is affected by a denial of service vulnerability.

Description
According to its banner, the version of Apache Tomcat running on the remote host is affected by a denial of service vulnerability due to a failure to handle malformed input. By submitting a specially crafted AJP12 request, an unauthenticated attacker can cause Tomcat to stop responding. At present, details on the specific nature of such requests are not generally known.

Solution
Upgrade to Apache Tomcat version 5.x or later.