PT-2014-3546 · Apache · Apache Tomcat

Published: 2014-06-24 · Updated: 2022-05-14 · CVE-2014-0227

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 6.0.0 through 6.0.41
Apache Tomcat versions 7.0.0 through 7.0.54
Apache Tomcat versions 8.0.0 through 8.0.8

Description

The issue allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service by streaming data with malformed chunked transfer coding. The cause is in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java, which improperly handled attempts to continue reading data after an error had occurred. It was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request.

Recommendations

For Apache Tomcat versions 6.0.0 through 6.0.41, update to version 6.0.42 or later.
For Apache Tomcat versions 7.0.0 through 7.0.54, update to version 7.0.55 or later.
For Apache Tomcat versions 8.0.0 through 8.0.8, update to version 8.0.9 or later.
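
The failure mode in the description, shown on a minimal chunked-body decoder (an added example, not Tomcat's code or the actual patch): after the first framing error a latched flag makes every later read fail, so the remaining bytes are never parsed. `StrictChunkedReader`, `read_body`, the 64-byte line cap and the sample bodies are assumptions made for illustration.

```python
import contextlib
import io

HEX = b"0123456789abcdefABCDEF"
MAX_LINE = 64  # assumed cap on a chunk-size or trailer line, in bytes
GOOD = b"5\r\nhello\r\n0\r\n\r\n"                  # constructed sample body
BAD = b"5\r\nhello\r\nZZ\r\nignored\r\n0\r\n\r\n"  # constructed: invalid chunk size

class ChunkedBodyError(Exception):
    """Any framing violation in a chunked request body."""

class StrictChunkedReader:
    def __init__(self, stream):
        self.stream = stream
        self.failed = False  # latched: set on the first error, never cleared

    def _fail(self, reason):
        self.failed = True
        raise ChunkedBodyError(reason)

    def _line(self):
        line = self.stream.readline(MAX_LINE + 2)
        if not line.endswith(b"\r\n"):
            self._fail("line too long or not terminated by CRLF")
        return line[:-2]

    def read_chunk(self):
        """Return the next chunk's data, or b'' at the end of the body."""
        if self.failed:  # refuse to keep reading after an error
            raise ChunkedBodyError("earlier framing error, body is unreadable")
        size_field = self._line().split(b";", 1)[0].strip()
        if not size_field or any(c not in HEX for c in size_field):
            self._fail("chunk size is not hexadecimal")
        size = int(size_field, 16)
        if size == 0:
            while self._line():  # skip trailer lines up to the empty line
                pass
            return b""
        data = self.stream.read(size)
        if len(data) != size or self.stream.read(2) != b"\r\n":
            self._fail("chunk data truncated or not followed by CRLF")
        return data

def read_body(raw):
    """Return (body, reusable); reusable is False after any framing error."""
    reader, body = StrictChunkedReader(io.BytesIO(raw)), b""
    with contextlib.suppress(ChunkedBodyError):
        while chunk := reader.read_chunk():
            body += chunk
    return body, not reader.failed
```

A caller that gets `reusable == False` should close the connection rather than look for another request on it.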

Fix

DoS

RCE


Weakness Enumeration

Related Identifiers

CESA-2015_0983
CESA-2015_0991
CVE-2014-0227
DLA-232-1
DSA-3447-1
DSA-3530-1
GHSA-42J3-498Q-M6VP
HPSBUX03337
HPSBUX03341
MGASA-2015-0081
RHSA-2014:1019
RHSA-2014:1020
RHSA-2014:1087
RHSA-2014:1088
RHSA-2015:0983
RHSA-2015:0991
RHSA-2015_0983
RHSA-2015_0991
SUSE-SU-2015:1565-1
SUSE-SU-2015_1337-1
SUSE-SU-2015_1565-1
USN-2654-1
USN-2655-1

Affected Products

Apache Tomcat
CentOS
HP-UX
Red Hat
SUSE
Ubuntu