tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Swapan Gupta <swapan.gu...@gmail.com>
Subject Re: Question about CVE-2009-0033 DOS vulnerability
Date Thu, 09 Jul 2009 19:48:34 GMT
>
> Hi,
>
>
>
> I have a question about the applicability of the CVE-2009-0033<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0033>DoS
vulnerability in Tomcat 5.5.x.
>
>
>
> I have come across the description of the vulnerability at multiple places,
> but at most of the places it is mentioned that this vulnerability is
> applicable when the Java AJP connector (inside Tomcat) and the mod_jk
> loadbalancing (in Apache) is used.
>
>
>
> Can someone please confirm if this vulnerability be applicable even in the
> scenario where I have a single AJP connector configured with mod_jk? I do
> not have the mod_jk configured in a load balancing mode to multiple AJP
> connector ports on Tomcat. I just have a single worker defined in the
> worker.properties file.
>
>
>
> Appreciate any quick responses which could help in making this
> determination.
>
>
>
> Thanks
>
> Swapan.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message