QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2007-6286

Back to search

CVE-2007-6286

Published: Feb 12, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

VendorProductVersions

n/a

n/a

affected
n/a

References

3637
third-party-advisory
x_refsource_SREASON
30676
third-party-advisory
x_refsource_SECUNIA
28915
third-party-advisory
x_refsource_SECUNIA
37460
third-party-advisory
x_refsource_SECUNIA
31681
vdb-entry
x_refsource_BID
28878
third-party-advisory
x_refsource_SECUNIA
ADV-2008-0488
vdb-entry
x_refsource_VUPEN
SUSE-SR:2009:004
vendor-advisory
x_refsource_SUSE
57126
third-party-advisory
x_refsource_SECUNIA
32222
third-party-advisory
x_refsource_SECUNIA
FEDORA-2008-1467
vendor-advisory
x_refsource_FEDORA
GLSA-200804-10
vendor-advisory
x_refsource_GENTOO
FEDORA-2008-1603
vendor-advisory
x_refsource_FEDORA
ADV-2008-1856
vdb-entry
x_refsource_VUPEN
ADV-2008-2780
vdb-entry
x_refsource_VUPEN
MDVSA-2009:136
vendor-advisory
x_refsource_MANDRIVA
HPSBST02955
vendor-advisory
x_refsource_HP
APPLE-SA-2008-10-09
vendor-advisory
x_refsource_APPLE
29711
third-party-advisory
x_refsource_SECUNIA
ADV-2009-3316
vdb-entry
x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now