CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
87.3%
Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | http_server | 1.3 | cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:* |
apache | http_server | 1.3.0 | cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:* |
apache | http_server | 1.3.1 | cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:* |
apache | http_server | 1.3.2 | cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:* |
apache | http_server | 1.3.10 | cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:* |
apache | http_server | 1.3.11 | cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:* |
apache | http_server | 1.3.12 | cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:* |
apache | http_server | 1.3.13 | cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:* |
apache | http_server | 1.3.14 | cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:* |
apache | http_server | 1.3.15 | cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:* |