PT-2014-3546 · Apache+5 · Apache Tomcat+5

Publicado

2014-06-24

Atualizado

2022-05-14

CVE-2014-0227

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 6.0.0 through 6.0.41 Apache Tomcat versions 7.0.0 through 7.0.54 Apache Tomcat versions 8.0.0 through 8.0.8

Description The issue allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service by streaming data with malformed chunked transfer coding. This is due to the improper handling of attempts to continue reading data after an error has occurred in the java/org/apache/coyote/http11/filters/ChunkedInputFilter.java file. It was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request.

Recommendations For Apache Tomcat versions 6.0.0 through 6.0.41, update to version 6.0.42 or later. For Apache Tomcat versions 7.0.0 through 7.0.54, update to version 7.0.55 or later. For Apache Tomcat versions 8.0.0 through 8.0.8, update to version 8.0.9 or later.

Correção

DoS

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-19CWE-20

Identificadores relacionados

CESA-2015_0983

CESA-2015_0991

CVE-2014-0227

DLA-232-1

DSA-3447-1

DSA-3530-1

GHSA-42J3-498Q-M6VP

HPSBUX03337

HPSBUX03341

MGASA-2015-0081

RHSA-2014:1019

RHSA-2014:1020

RHSA-2014:1087

RHSA-2014:1088

RHSA-2015:0983

RHSA-2015:0991

RHSA-2015_0983

RHSA-2015_0991

SUSE-SU-2015:1565-1

SUSE-SU-2015_1337-1

SUSE-SU-2015_1565-1

USN-2654-1

USN-2655-1

Produtos afetados

Apache Tomcat

Centos

Hp-Ux

Red Hat

Suse

Ubuntu

PT-2014-3546 · Apache+5 · Apache Tomcat+5

CVE-2014-0227

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 78