Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. (CVE-2014-0075)
Impact
An attacker may be able to cause a denial-of-service (DoS). This vulnerability is considered local, as it is exploitable only by an authenticated user accessing the system using the Configuration utility.