June 05, 2009

Cenzic Detects an Apache Tomcat Denial of Service Vulnerability

An Apache Tomcat Denial of Service Vulnerability is now detectable in the Cenzic Web Server SmartAttack

As of June 5, 2009, Cenzic can detect the Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability (BugtraqID 35193). Apache Tomcat is prone to a denial-of-service vulnerability. Attackers can exploit this issue and cause the server to end up in an error state, denying service to legitimate users.

Background on Cenzic’s SmartAttacks
Every week, Cenzic’s suite of products is updated with the latest vulnerabilities (custom, commercial, and open-source) to better detect "holes" in Web applications. These Web application vulnerabilities include (but not limited to) cross site scripting, buffer overflow, path or directory traversal, SQL injection, HTTP response splitting, and other workflow types.

by
Erin Swanson
Eswanson@cenzic.com


	Apache Tomcat Java AJP Connector Invalid Header Denial of Service Vulnerability
	Learn more about this vulnerability on Security Focus
	http://www.securityfocus.com/bid/35193/

Topic Tags: apache tomcat, cenzic, denial of service

by Erin Swanson

↑top

link to this

Post a Comment

Title:

Summary:

Comment:

Links:

Your info:

Name:		Required; will be displayed with comment.
E-mail:		Required (in case we need to contact you); will NOT be displayed with comment.
Web:		Optional; will use to hyperlink your name in the comment.
Twitter:		Optional; allows visitors to follow you on Twitter.
Save this in my browser

Verification:

Type the characters you see in the picture above.

Letters are case sensitive.

Notice: Your thoughtful opinions are valued and encouraged, but all comments are moderated so there will be a delay between the time you post your comment and when it appears in this site. Please don't be offended if your comment is edited for clarity or to avoid questionable matters. Offensive or off-topic comments will be deleted.