4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.047 Low
EPSS
Percentile
92.5%
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the
native APR connector is used, does not properly handle an empty request to
the SSL port, which allows remote attackers to trigger handling of โa
duplicate copy of one of the recent requests,โ as demonstrated by using
netcat to send the empty request.
Author | Note |
---|---|
fujitsu | At least 5.5 doesnโt use the native APR connector. |