Home > Vulnerability Database > CVE-2007-6286

Mend.io Vulnerability Database

CVE-2007-6286

Date: February 11, 2008

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

Severity Score

3.7

Related Resources (32)

Url: http://www.vupen.com/english/advisories/2009/3316

Url: http://tomcat.apache.org/security-5.html

Url: http://securityreason.com/securityalert/3637

Url: http://secunia.com/advisories/30676

Url: http://marc.info/?l=bugtraq&m=139344343412337&w=2

Url: http://www.vmware.com/security/advisories/VMSA-2008-0010.html

Url: http://support.apple.com/kb/HT3216

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-6286

Url: http://secunia.com/advisories/29711

Url: http://www.vupen.com/english/advisories/2008/0488

Url: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html

Url: http://security.gentoo.org/glsa/glsa-200804-10.xml

Url: http://www.vupen.com/english/advisories/2008/2780

Url: http://secunia.com/advisories/32222

Url: http://secunia.com/advisories/57126

Url: http://www.securityfocus.com/archive/1/487823/100/0/threaded

Url: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

Url: http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Url: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html

Url: http://www.securityfocus.com/archive/1/507985/100/0/threaded

Url: http://www.securityfocus.com/bid/31681

Url: http://www.vupen.com/english/advisories/2008/1856/references

Url: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E

Url: http://secunia.com/advisories/28915

Url: http://secunia.com/advisories/37460

Url: http://tomcat.apache.org/security-6.html

Url: http://secunia.com/advisories/28878

Url: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136

Url: https://www.mend.io/vulnerability-database/CVE-2007-6286

Severity Score

3.7

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-6286

Date: February 11, 2008

Severity Score

Related Resources (32)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?