
CVE-2007-6286
Date: (C)2008-02-11   (M)2023-12-22


Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
http://www.securityfocus.com/archive/1/487823/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
SECUNIA-28878
SECUNIA-28915
SECUNIA-29711
SECUNIA-30676
BID-31681
SECUNIA-32222
SREASON-3637
SECUNIA-37460
SECUNIA-57126
ADV-2008-0488
ADV-2008-1856
ADV-2008-2780
ADV-2009-3316
APPLE-SA-2008-10-09
FEDORA-2008-1467
FEDORA-2008-1603
GLSA-200804-10
HPSBST02955
MDVSA-2009:136
SUSE-SR:2009:004
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
http://support.apple.com/kb/HT3216
http://tomcat.apache.org/security-5.html
http://tomcat.apache.org/security-6.html
http://www.vmware.com/security/advisories/VMSA-2008-0010.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

CPE    31
cpe:/a:apache:tomcat:5.5.22
cpe:/a:apache:tomcat:5.5.23
cpe:/a:apache:tomcat:5.5.20
cpe:/a:apache:tomcat:5.5.21
...
OVAL    1
oval:org.secpod.oval:def:300556

© SecPod Technologies