Details
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.Novell Bugzilla entry: 509839,509840 SUSE Security Advisories:
- SUSE-SR:2009:012 , published Fri, 03 Jul 2009 16:00:00 +0000
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SLE 11 |
| sle11. ppc sle11. ia64 sle11. x86-64 sle11. s390x sle11. x86 SAT Patch Nr: 997 |
| Novell Linux POS 9 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for Itanium Processor Family SUSE CORE 9 for x86 |
| core9. s390x core9. ppc core9. x86-64 core9. ia64 sles9-oes. x86 sles9-nlpos. x86 core9. s390 core9. x86 YOU Patch Nr: 12460 |
| openSUSE 10.3 |
| |
| openSUSE 11.0 |
| SAT Patch Nr: 999 |
| openSUSE 11.1 |
| SAT Patch Nr: 999 |
| SLE SDK 10 SP2 for IBM iSeries and IBM pSeries SLE SDK 10 SP2 for IBM zSeries SLE SDK 10 SP2 for IPF SLE SDK 10 SP2 for X86-64 SLE SDK 10 SP2 for x86 SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM POWER SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit SUSE Linux Enterprise Server 10 SP2 for IPF SUSE Linux Enterprise Server 10 SP2 for x86 |
| sles10-sp2-sdk. x86-64 sles10-sp2. ppc sles10-sp2. x86-64 sles10-sp2-sdk. s390x sles10-sp2. ia64 sles10-sp2. x86 sles10-sp2-sdk. ppc sles10-sp2-sdk. x86 sles10-sp2. s390x sles10-sp2-sdk. ia64 ZYPP Patch Nr: 6352 |