tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Swapan Gupta <>
Subject Re: Question about CVE-2009-0033 DOS vulnerability
Date Thu, 09 Jul 2009 20:40:43 GMT

I have a question about the applicability of the
vulnerability in Tomcat 5.5.x.

I have come across the description of the vulnerability at multiple places,
but at most of the places it is mentioned that this vulnerability is
applicable when the Java AJP connector (inside Tomcat) and the mod_jk
loadbalancing (in Apache) is used.

Can someone please confirm if this vulnerability be applicable even in the
scenario where I have a single AJP connector configured with mod_jk? I do
not have the mod_jk configured in a load balancing mode to multiple AJP
connector ports on Tomcat. I just have a single worker defined in the file.

Appreciate any quick responses which could help in making this



  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message