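Apache Tomcat Non-HTTP Request Denial of Service Vulnerability
Published: 2003-10-15
Updated: 2003-10-15
Severity: Medium
Threat level: Remote denial of service
Error type: Failure to handle exceptional conditions
Exploitation mode: Server mode
BUGTRAQ ID: 8824
CVE(CAN) ID: CAN-2003-0866

Affected systems
Apache Software Foundation Tomcat 4.0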
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.1
- Debian Linux 2.2
- Digital UNIX 4.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 5.0
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 7.1
- NetBSD NetBSD 1.4.1 x86
- NetBSD NetBSD 1.4.2 x86
- RedHat Linux 6.1 i386
- RedHat Linux 6.2 i386
- SGI IRIX 6.4
- SGI IRIX 6.5
- Sun Solaris 7.0
- Sun Solaris 8.0
Apache Software Foundation Tomcat 4.0.1
- BSDI BSD/OS 4.0
- Caldera OpenLinux 2.4
- Conectiva Linux 5.1
- Debian Linux 2.1
- Debian Linux 2.2
- Digital UNIX 4.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 5.0
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 7.1
- NetBSD NetBSD 1.4.1 x86
- NetBSD NetBSD 1.4.2 x86
- RedHat Linux 6.1 i386
- RedHat Linux 6.2 i386
- SGI IRIX 3.3
- SGI IRIX 6.4
- SGI IRIX 6.5
- Sun Solaris 7.0
- Sun Solaris 8.0
Apache Software Foundation Tomcat 4.0.2
Apache Software Foundation Tomcat 4.0.3
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 sparc
Apache Software Foundation Tomcat 4.0.4
Apache Software Foundation Tomcat 4.0.5
+ RedHat Stronghold 4.0
Apache Software Foundation Tomcat 4.0.6
+ Gentoo Linux 1.2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc3
Not vulnerable
Apache Software Foundation Tomcat 4.1.24
+ Gentoo Linux 1.2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.4 _rc2
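+ Gentoo Linux 1.4 _rc3

Detailed description
Apache Tomcat 4 contains a vulnerability in its handling of certain non-HTTP requests, which can result in a denial of service.

Solution
Debian system patch downloads: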
Debian GNU/Linux 3.0 alias woody
--------------------------------
Source archives:
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3.dsc
Size/MD5 checksum: 708 64c5aa3e586635edcd2678d10ab809d2
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3.diff.gz
Size/MD5 checksum: 16223 bafcad535ede73b939b31e32be50ca9b
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3.orig.tar.gz
Size/MD5 checksum: 1588186 2b2e0d859f7152e5225633933e6585d6
Architecture independent components:
http://security.debian.org/pool/updates/contrib/t/tomcat4/libtomcat4-java_4.0.3-3woody3_all.deb
Size/MD5 checksum: 1134260 e667be7a8c67c26834069f15dd93f616
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4-webapps_4.0.3-3woody3_all.deb
Size/MD5 checksum: 1164474 9b3283713a2de35d7647f4b9e9820c99
http://security.debian.org/pool/updates/contrib/t/tomcat4/tomcat4_4.0.3-3woody3_all.deb
Size/MD5 checksum: 126724 39150e4598d20ed52d49a470d2d8ce7b

Related information
Reference: http://www.securityfocus.com/advisories/5977