CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS
Percentile
99.3%
Issue Overview:
It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075)
It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096)
It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099)
It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service. (CVE-2014-0227)
Affected Packages:
tomcat8
Issue Correction:
Run yum update tomcat8 to update your system.
New Packages:
noarch:
tomcat8-admin-webapps-8.0.20-1.53.amzn1.noarch
tomcat8-servlet-3.1-api-8.0.20-1.53.amzn1.noarch
tomcat8-docs-webapp-8.0.20-1.53.amzn1.noarch
tomcat8-jsp-2.3-api-8.0.20-1.53.amzn1.noarch
tomcat8-webapps-8.0.20-1.53.amzn1.noarch
tomcat8-log4j-8.0.20-1.53.amzn1.noarch
tomcat8-javadoc-8.0.20-1.53.amzn1.noarch
tomcat8-lib-8.0.20-1.53.amzn1.noarch
tomcat8-el-3.0-api-8.0.20-1.53.amzn1.noarch
tomcat8-8.0.20-1.53.amzn1.noarch
src:
tomcat8-8.0.20-1.53.amzn1.src
Red Hat: CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0227
Mitre: CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0227