Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2007-6286
Modified
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-12 Feb, 2008 | 01:00
Updated At-23 Apr, 2026 | 00:35

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
The Apache Software Foundation
apache
>>tomcat>>5.5.11
cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.12
cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.13
cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.14
cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.15
cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.16
cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.17
cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.18
cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.19
cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.20
cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.21
cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.22
cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.23
cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.24
cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.25
cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.0
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.1
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.2
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.3
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.4
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.5
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.6
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.7
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.8
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.9
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.10
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.11
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.12
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.13
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.14
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>6.0.15
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2008-04-17T00:00:00

Not Vulnerable. Red Hat does not ship a version of Apache Tomcat that enables the native APR connector.

References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlsecalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=139344343412337&w=2secalert@redhat.com
N/A
http://secunia.com/advisories/28878secalert@redhat.com
N/A
http://secunia.com/advisories/28915secalert@redhat.com
N/A
http://secunia.com/advisories/29711secalert@redhat.com
N/A
http://secunia.com/advisories/30676secalert@redhat.com
N/A
http://secunia.com/advisories/32222secalert@redhat.com
N/A
http://secunia.com/advisories/37460secalert@redhat.com
N/A
http://secunia.com/advisories/57126secalert@redhat.com
N/A
http://security.gentoo.org/glsa/glsa-200804-10.xmlsecalert@redhat.com
N/A
http://securityreason.com/securityalert/3637secalert@redhat.com
N/A
http://support.apple.com/kb/HT3216secalert@redhat.com
N/A
http://tomcat.apache.org/security-5.htmlsecalert@redhat.com
N/A
http://tomcat.apache.org/security-6.htmlsecalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136secalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/487823/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/507985/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/31681secalert@redhat.com
N/A
http://www.vmware.com/security/advisories/VMSA-2008-0010.htmlsecalert@redhat.com
N/A
http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlsecalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/0488secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/1856/referencessecalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2008/2780secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2009/3316secalert@redhat.com
N/A
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.htmlsecalert@redhat.com
N/A
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=139344343412337&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/28878af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/28915af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/29711af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/30676af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/32222af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37460af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/57126af854a3a-2127-422b-91ae-364da2661108
N/A
http://security.gentoo.org/glsa/glsa-200804-10.xmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://securityreason.com/securityalert/3637af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT3216af854a3a-2127-422b-91ae-364da2661108
N/A
http://tomcat.apache.org/security-5.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://tomcat.apache.org/security-6.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/487823/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/507985/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/31681af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vmware.com/security/advisories/VMSA-2008-0010.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2008/0488af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2008/1856/referencesaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2008/2780af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/3316af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=139344343412337&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28878
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/28915
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/29711
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/30676
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/32222
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/37460
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/57126
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200804-10.xml
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/3637
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3216
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://tomcat.apache.org/security-5.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://tomcat.apache.org/security-6.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/487823/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/507985/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/31681
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2008-0010.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0488
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/1856/references
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2780
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/3316
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=139344343412337&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/28878
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/28915
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/29711
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/30676
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/32222
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37460
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/57126
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://security.gentoo.org/glsa/glsa-200804-10.xml
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/3637
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT3216
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://tomcat.apache.org/security-5.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://tomcat.apache.org/security-6.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/487823/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/507985/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/31681
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2008-0010.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/0488
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/1856/references
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2008/2780
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/3316
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Change History
0Changes found
Details not found