PT-2014-1446 · Apache+4 · Apache Tomcat+4
Published: 2014-03-27 · Updated: 2022-05-14 · CVE-2014-0075
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 6.0.0 through 6.0.39
Apache Tomcat versions 7.0.0 through 7.0.52
Apache Tomcat versions 8.0.0 through 8.0.3
Description
The issue allows remote attackers to cause a denial of service through a malformed chunk size in chunked transfer coding of a request during data transmission. This can lead to excessive resource consumption. The problem is related to an integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java. It was possible to craft a malformed chunk size as part of a chunked request, enabling an unlimited amount of data to be streamed to the server and bypassing size limits enforced on a request, thus enabling a denial of service attack.
Recommendations
For Apache Tomcat versions 6.0.0 through 6.0.39, update to version 6.0.40 or later.
For Apache Tomcat versions 7.0.0 through 7.0.52, update to version 7.0.53 or later.
For Apache Tomcat versions 8.0.0 through 8.0.3, update to version 8.0.4 or later.
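The class of integer overflow named in the description, as an added example (not Tomcat's code and not its actual fix): a hex chunk-size accumulator held in a 32-bit int, beside a range-checked version that rejects oversized values. The class name, method names and sample strings are constructed for illustration.

```java
import java.util.OptionalInt;

// Added illustration; not Tomcat's ChunkedInputFilter code. All names are hypothetical.
public class ChunkSizeParsing {

    // Strict ASCII hex digit value, or -1 for anything else.
    static int hexValue(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    }

    // Unchecked: the 32-bit int accumulator silently wraps once the value
    // exceeds Integer.MAX_VALUE, so the result no longer matches the digits.
    static int parseUnchecked(String hex) {
        int result = 0;
        for (char c : hex.toCharArray()) {
            int digit = hexValue(c);
            if (digit < 0) throw new IllegalArgumentException("not a hex digit: " + c);
            result = result * 16 + digit;
        }
        return result;
    }

    // Checked: accumulate in a long and reject as soon as the value leaves int range,
    // so an accepted size always equals the number the digits actually spell.
    static OptionalInt parseChecked(String hex) {
        if (hex.isEmpty()) return OptionalInt.empty();
        long result = 0;
        for (char c : hex.toCharArray()) {
            int digit = hexValue(c);
            if (digit < 0) return OptionalInt.empty();
            result = (result << 4) | digit;
            if (result > Integer.MAX_VALUE) return OptionalInt.empty();
        }
        return OptionalInt.of((int) result);
    }

    public static void main(String[] args) {
        // Constructed sample chunk-size strings: two in int range, two outside it.
        String[] samples = {"1a", "7fffffff", "ffffffff", "100000010"};
        for (String s : samples) {
            System.out.printf("%-10s unchecked=%-11d checked=%s%n",
                    s, parseUnchecked(s), parseChecked(s));
        }
    }
}
```

When the unchecked result is negative or smaller than the digits imply, any size accounting built on it is working from a wrong number; the checked parser fails the request instead.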
Fix
DoS
Integer Overflow
Resource Exhaustion
Related identifiers
Affected products
Apache Tomcat
CentOS
HP-UX
Red Hat
Ubuntu