java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x prior to 8.0.4 allows remote malicious users to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tomcat 8.0.1 |
||
apache tomcat 8.0.0 |
||
apache tomcat 8.0.3 |