PT-2014-1448 · Apache · Apache Tomcat

Published

2014-03-27

Updated

2022-05-17

CVE-2014-0095

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions prior to 8.0.4

Description The issue allows remote attackers to cause a denial of service by consuming threads, leading to a hang in request processing. This is achieved by using an AJP request with a "Content-Length: 0" header.

Recommendations For versions prior to 8.0.4, update to version 8.0.4 or later to resolve the issue. As a temporary workaround, consider restricting AJP requests with a "Content-Length: 0" header to minimize the risk of exploitation.

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2015-00411

CVE-2014-0095

GHSA-WF5V-JHXJ-Q632

Affected Products

Apache Tomcat

PT-2014-1448 · Apache · Apache Tomcat

CVE-2014-0095

Weakness Enumeration

Related Identifiers

Affected Products

References · 23