Apache Tomcat AJP12 Protocol Denial of Service Vulnerability

Tuesday, March 15 2005 @ 10:51 AM EST

The Hitachi Incident Response Team has reported a vulnerability in Tomcat, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an error in the servlet / JSP communication handling for the AJP12 protocol. It can be exploited to make a vulnerable server stop processing further requests by sending a specially crafted request to the AJP12 protocol port (8007/tcp by default).

The vulnerability has been reported in version 3.x.

SOFTWARE:
Apache Tomcat 3.x

SOLUTION:
The vulnerability has been fixed in the 5.x releases.

Filter traffic to the AJP12 protocol port (default is 8007/tcp).
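An added audit script for the mitigation above (not part of the Secunia advisory): it classifies the AJP12 listener from `ss -ltn`-style output and, when the port is bound beyond loopback, prints iptables rules that admit only loopback and the front-end web server. The packet filter (iptables) and FRONTEND_IP are assumptions; the listener lines are constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: audit whether the AJP12 port is reachable
# from beyond the host and emit packet-filter rules for the mitigation "filter
# traffic to the AJP12 protocol port". Assumes iptables; FRONTEND_IP (the web
# server that forwards requests to Tomcat) is a placeholder from the doc range.

AJP12_PORT="${AJP12_PORT:-8007}"          # default AJP12 port per the advisory
FRONTEND_IP="${FRONTEND_IP:-192.0.2.10}"  # placeholder, replace with the real front end

# Constructed sample in `ss -ltn` layout (not captured from a real host):
# AJP12 bound to all interfaces, shutdown port on loopback, HTTP on all interfaces.
SAMPLE_LISTENERS='State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 50 0.0.0.0:8007 0.0.0.0:*
LISTEN 0 50 127.0.0.1:8005 0.0.0.0:*
LISTEN 0 100 0.0.0.0:8080 0.0.0.0:*'

# Classify the AJP12 listener from `ss -ltn`-style lines passed as $1:
# "exposed" (wildcard or routable address), "local" (loopback only), or "absent".
ajp12_exposure() {
    printf '%s\n' "$1" | awk -v port="$AJP12_PORT" '
        $1 == "LISTEN" {
            p = $4; sub(/.*:/, "", p)            # text after the last colon is the port
            addr = $4; sub(/:[0-9]+$/, "", addr) # the rest is the bound address
            if (p == port) {
                if (addr == "127.0.0.1" || addr == "[::1]") loop = 1
                else wide = 1
            }
        }
        END { if (wide) print "exposed"; else if (loop) print "local"; else print "absent" }'
}

# Print the iptables rules (dry run): allow AJP12 from loopback and the front end,
# drop everything else. Pipe into `sh` only after reviewing the output.
ajp12_filter_rules() {
    cat <<EOF
iptables -A INPUT -p tcp --dport $AJP12_PORT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport $AJP12_PORT -s $FRONTEND_IP -j ACCEPT
iptables -A INPUT -p tcp --dport $AJP12_PORT -j DROP
EOF
}

# Run against the constructed sample; on a live host use: ajp12_exposure "$(ss -ltn)"
echo "AJP12 listener: $(ajp12_exposure "$SAMPLE_LISTENERS")"
[ "$(ajp12_exposure "$SAMPLE_LISTENERS")" = "exposed" ] && ajp12_filter_rules
```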

VERIFY ADVISORY:
http://secunia.com/advisories/14569/

Secunia Security Advisories

http://community.securityteam.us/article.php/2005031510512522