Vulnerability & Exploit Database

Back to search

VMSA-2009-0016.6: WebAccess Context Data Cross-site Scripting Vulnerability (CVE-2007-6286)

Severity CVSS Published Added Modified
4 (AV:N/AC:M/Au:N/C:N/I:P/A:N) February 12, 2008 September 02, 2010 February 13, 2015

Description

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

vmware-esx35-upgrade-226117

Related Vulnerabilities