Signature Detail

Short Name	HTTP:TOMCAT:AJP12-SHUTDOWN
Severity	Medium
Recommended	No
Recommended Action	Drop
Category	HTTP
Keywords	Apache Tomcat Server AJP12 Shutdown DoS
Release Date	2004/12/17
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Apache Tomcat Server AJP12 Shutdown DoS

This signature detects attempts to send commands to the Apache Tomcat AJP12 Connector process. This process has no authentication and can be used to shut down the Web-server.

Extended Description

Apache Tomcat 4 has been reported prone to a remotely triggered denial-of-service vulnerability when handling undisclosed non-HTTP request types. When certain non-HTTP request types are handled by the Tomcat HTTP connector, the Tomcat server will reject subsequent requests on the affected port until the service is restarted.

Affected Products

Apache Software Foundation Tomcat 4.0.0
Apache Software Foundation Tomcat 4.0.1
Apache Software Foundation Tomcat 4.0.2
Apache Software Foundation Tomcat 4.0.3
Apache Software Foundation Tomcat 4.0.4
Apache Software Foundation Tomcat 4.0.5
Apache Software Foundation Tomcat 4.0.6
Sun Solaris 10 Sparc
Sun Solaris 10 X86
Sun Solaris 9 Sparc
Sun Solaris 9 X86

References

BugTraq: 8824
CVE: CVE-2005-0808
URL: http://jakarta.apache.org/tomcat/
URL: http://www.debian.org/security/2003/dsa-395
URL: http://www.kb.cert.org/vuls/id/JGEI-6A2LEF

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: Apache Tomcat Server AJP12 Shutdown DoS

Extended Description

Affected Products

References