Lucene search

[email protected]CVE-2014-0227

HistoryFeb 16, 2015 - 12:59 a.m.

CVE-2014-0227

2015-02-1600:59:00

CWE-19

[email protected]

web.nvd.nist.gov

108

cve-2014-0227

apache tomcat

http request smuggling

denial of service

nvd

security advisory

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.946 High

EPSS

Percentile

99.3%

JSON

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Affected configurations

NVD

Node

apachetomcatMatch6.0.0

apachetomcatMatch6.0.0alpha

apachetomcatMatch6.0.1

apachetomcatMatch6.0.1alpha

apachetomcatMatch6.0.2

apachetomcatMatch6.0.2alpha

apachetomcatMatch6.0.2beta

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.4alpha

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.6alpha

apachetomcatMatch6.0.7

apachetomcatMatch6.0.7alpha

apachetomcatMatch6.0.7beta

apachetomcatMatch6.0.8

apachetomcatMatch6.0.8alpha

apachetomcatMatch6.0.9

apachetomcatMatch6.0.9beta

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

apachetomcatMatch6.0.14

apachetomcatMatch6.0.15

apachetomcatMatch6.0.16

apachetomcatMatch6.0.17

apachetomcatMatch6.0.18

apachetomcatMatch6.0.19

apachetomcatMatch6.0.20

apachetomcatMatch6.0.24

apachetomcatMatch6.0.26

apachetomcatMatch6.0.27

apachetomcatMatch6.0.28

apachetomcatMatch6.0.29

apachetomcatMatch6.0.30

apachetomcatMatch6.0.31

apachetomcatMatch6.0.32

apachetomcatMatch6.0.33

apachetomcatMatch6.0.35

apachetomcatMatch6.0.36

apachetomcatMatch6.0.37

apachetomcatMatch6.0.39

apachetomcatMatch6.0.41

apachetomcatMatch7.0.0

apachetomcatMatch7.0.0beta

apachetomcatMatch7.0.1

apachetomcatMatch7.0.2

apachetomcatMatch7.0.2beta

apachetomcatMatch7.0.3

apachetomcatMatch7.0.4

apachetomcatMatch7.0.4beta

apachetomcatMatch7.0.5

apachetomcatMatch7.0.6

apachetomcatMatch7.0.7

apachetomcatMatch7.0.8

apachetomcatMatch7.0.9

apachetomcatMatch7.0.10

apachetomcatMatch7.0.11

apachetomcatMatch7.0.12

apachetomcatMatch7.0.13

apachetomcatMatch7.0.14

apachetomcatMatch7.0.15

apachetomcatMatch7.0.16

apachetomcatMatch7.0.17

apachetomcatMatch7.0.18

apachetomcatMatch7.0.19

apachetomcatMatch7.0.20

apachetomcatMatch7.0.21

apachetomcatMatch7.0.22

apachetomcatMatch7.0.23

apachetomcatMatch7.0.24

apachetomcatMatch7.0.25

apachetomcatMatch7.0.26

apachetomcatMatch7.0.27

apachetomcatMatch7.0.28

apachetomcatMatch7.0.29

apachetomcatMatch7.0.30

apachetomcatMatch7.0.31

apachetomcatMatch7.0.32

apachetomcatMatch7.0.33

apachetomcatMatch7.0.34

apachetomcatMatch7.0.35

apachetomcatMatch7.0.36

apachetomcatMatch7.0.37

apachetomcatMatch7.0.38

apachetomcatMatch7.0.39

apachetomcatMatch7.0.40

apachetomcatMatch7.0.41

apachetomcatMatch7.0.42

apachetomcatMatch7.0.43

apachetomcatMatch7.0.44

apachetomcatMatch7.0.45

apachetomcatMatch7.0.46

apachetomcatMatch7.0.47

apachetomcatMatch7.0.48

apachetomcatMatch7.0.49

apachetomcatMatch7.0.50

apachetomcatMatch7.0.52

apachetomcatMatch7.0.53

apachetomcatMatch7.0.54

apachetomcatMatch8.0.0rc1

apachetomcatMatch8.0.0rc10

apachetomcatMatch8.0.0rc2

apachetomcatMatch8.0.0rc5

apachetomcatMatch8.0.1

apachetomcatMatch8.0.3

apachetomcatMatch8.0.5

apachetomcatMatch8.0.8

CPENameOperatorVersion
apache:tomcatapache tomcateq6.0.0
apache:tomcatapache tomcateq6.0.1
apache:tomcatapache tomcateq6.0.2
apache:tomcatapache tomcateq6.0.3
apache:tomcatapache tomcateq6.0.4
apache:tomcatapache tomcateq6.0.5
apache:tomcatapache tomcateq6.0.6
apache:tomcatapache tomcateq6.0.7
apache:tomcatapache tomcateq6.0.8
apache:tomcatapache tomcateq6.0.9

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	6.0.0
apache:tomcat	apache tomcat	eq	6.0.1
apache:tomcat	apache tomcat	eq	6.0.2
apache:tomcat	apache tomcat	eq	6.0.3
apache:tomcat	apache tomcat	eq	6.0.4
apache:tomcat	apache tomcat	eq	6.0.5
apache:tomcat	apache tomcat	eq	6.0.6
apache:tomcat	apache tomcat	eq	6.0.7
apache:tomcat	apache tomcat	eq	6.0.8
apache:tomcat	apache tomcat	eq	6.0.9

Rows per page:

1-10 of 941

References

advisories.mageia.org/MGASA-2015-0081.html

archives.neohapsis.com/archives/bugtraq/2015-02/0067.html

lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html

marc.info/?l=bugtraq&m=143393515412274&w=2

marc.info/?l=bugtraq&m=143403519711434&w=2

rhn.redhat.com/errata/RHSA-2015-0675.html

rhn.redhat.com/errata/RHSA-2015-0720.html

rhn.redhat.com/errata/RHSA-2015-0765.html

rhn.redhat.com/errata/RHSA-2015-0983.html

rhn.redhat.com/errata/RHSA-2015-0991.html

svn.apache.org/viewvc?view=revision&revision=1600984

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

www.debian.org/security/2016/dsa-3447

www.debian.org/security/2016/dsa-3530

www.mandriva.com/security/advisories?name=MDVSA-2015:052

www.mandriva.com/security/advisories?name=MDVSA-2015:053

www.mandriva.com/security/advisories?name=MDVSA-2015:084

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.securityfocus.com/bid/72717

www.securitytracker.com/id/1032791

www.ubuntu.com/usn/USN-2654-1

www.ubuntu.com/usn/USN-2655-1

bugzilla.redhat.com/show_bug.cgi?id=1109196

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

source.jboss.org/changelog/JBossWeb?cs=2455

Social References

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.2 Medium

AI Score

Confidence

Low

0.946 High

EPSS

Percentile

99.3%

JSON

CVE-2014-0227

Affected configurations

References

Social References

Related