漏洞信息(CVE-2007-6286)

一、漏洞 CVE-2007-6286 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

当使用原生APR客户端连接时，Apache Tomcat 5.5.11 through 5.5.25和6.0.0 through 6.0.15无法正确处理向SSL端口发送空请求。这导致远程攻击者触发处理最近请求的“复制副本”，如使用netcat发送空请求所示。

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Apache Tomcat SSL端口空请求设计错误漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Apache Tomcat，当原本的 ARP 连接被使用时，不能恰当地处理 SSL 端口的空请求，导致允许远程攻击者触发一个最近请求的双份拷贝处理，使用 netcat 发送空请求证明了这一点。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

其他

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2007-6286 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2007-6286 的情报信息

http://tomcat.apache.org/security-5.html x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2008-0010.html x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2009-0016.html x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html x_refsource_CONFIRM
http://support.apple.com/kb/HT3216 x_refsource_CONFIRM
http://securityreason.com/securityalert/3637 third-party-advisory x_refsource_SREASON
http://secunia.com/advisories/30676 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/32222 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/57126 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29711 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28878 third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/31681 vdb-entry x_refsource_BID
http://secunia.com/advisories/37460 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28915 third-party-advisory x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=139344343412337&w=2 vendor-advisory x_refsource_HP
http://www.vupen.com/english/advisories/2008/0488 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2009/3316 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/1856/references vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/2780 vdb-entry x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136 vendor-advisory x_refsource_MANDRIVA
http://security.gentoo.org/glsa/glsa-200804-10.xml vendor-advisory x_refsource_GENTOO
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00460.html vendor-advisory x_refsource_FEDORA
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00315.html vendor-advisory x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html vendor-advisory x_refsource_SUSE
http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html vendor-advisory x_refsource_APPLE
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
http://www.securityfocus.com/archive/1/487823/100/0/threaded mailing-list x_refsource_BUGTRAQ
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E mailing-list x_refsource_MLIST
http://www.securityfocus.com/archive/1/507985/100/0/threaded mailing-list x_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2007-6286

一、 漏洞 CVE-2007-6286 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2007-6286 的公开POC

三、漏洞 CVE-2007-6286 的情报信息

一、漏洞 CVE-2007-6286 基础信息