CVE-2009-0033

CVSS V2 Medium 5 CVSS V3 None
Description
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
Overview
  • CVE ID
  • CVE-2009-0033
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2009-06-05T16:00:00
  • Last Modified Date
  • 2023-02-13T01:17:02
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.38:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:4.1.39:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:N/I:N/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • PARTIAL
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://www.securityfocus.com/bid/35193 Patch
http://tomcat.apache.org/security-5.html Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/1496 Patch Vendor Advisory
http://secunia.com/advisories/35344 Vendor Advisory
http://svn.apache.org/viewvc?rev=781362&view=rev Patch Vendor Advisory
http://securitytracker.com/id?1022331
http://secunia.com/advisories/35326 Vendor Advisory
http://tomcat.apache.org/security-6.html Patch Vendor Advisory
http://tomcat.apache.org/security-4.html Patch Vendor Advisory
http://svn.apache.org/viewvc?rev=742915&view=rev Patch Vendor Advisory
http://jvn.jp/en/jp/JVN87272440/index.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://secunia.com/advisories/35685
http://secunia.com/advisories/35788
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
http://www.vupen.com/english/advisories/2009/1856
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
http://www.vupen.com/english/advisories/2009/3316
http://secunia.com/advisories/37460
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://support.apple.com/kb/HT4077
http://www.mandriva.com/security/advisories?name=MDVSA-2010:176
http://marc.info/?l=bugtraq&m=129070310906557&w=2
http://www.vupen.com/english/advisories/2010/3056
http://secunia.com/advisories/42368
http://www.debian.org/security/2011/dsa-2207
http://marc.info/?l=bugtraq&m=136485229118404&w=2
http://marc.info/?l=bugtraq&m=133469267822771&w=2
http://marc.info/?l=bugtraq&m=127420533226623&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/50928
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5739
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19110
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10231
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/504044/100/0/threaded
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
History
Created Old Value New Value Data Type Notes
2022-05-10 17:45:48 Added to TrackCVE
2023-02-13 03:03:05 2023-02-13T01:17:02 CVE Modified Date updated