CVE-2003-0866

Description

The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.6 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.

How to fix CVE-2003-0866

To remediate CVE-2003-0866, upgrade the affected package to a fixed version below.

• Debian/tomcat4—upgrade to 4.0.3-3woody3 or later
• Maven/org.apache.tomcat:tomcat—upgrade to 4.1.0 or later

Is CVE-2003-0866 being exploited?

Moderate — EPSS is 20.4%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 4.0.3-3woody3
• >= 4.0, < 4.1.0

References (13)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2003-0866
• WEBbugs.debian.org/cgi-bin/bugreport.cgi?bug=215506
• WEBsecunia.com/advisories/30899
• WEBsecunia.com/advisories/30908
• WEBexchange.xforce.ibmcloud.com