CVE-2007-6286 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2007-6286 Interim 1 5 2023-12-09T02:11:56Z current 2021-05-30T12:41:00Z 2023-12-09T02:11:56Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2007-6286 Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N/#BPPEFMFC7GCUUZ5CIPX7VFYKXZCRGT5N E-Mail link for SUSE-SR:2009:004 https://www.suse.com/support/security/rating/ SUSE Security Ratings Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request. CVE-2007-6286 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N