
CVE-2014-0227

Published: 16 Feb 2015
Source: debian
EPSS: High

Description

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

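Packages

| Package | Status | Fixed version | Release | Type |
|---------|--------|---------------|---------|------|
| tomcat6 | fixed | 6.0.41-3 | | package |
| tomcat7 | fixed | 7.0.55-1 | | package |
| tomcat7 | fixed | 7.0.28-4+deb7u3 | wheezy | package |
| tomcat8 | fixed | 8.0.9-1 | | package |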

Notes

  • Fixed in https://svn.apache.org/viewvc?view=revision&revision=1603628 (6.x)

  • Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages

  • Fixed in https://svn.apache.org/viewvc?view=revision&revision=1601333 (7.x)

  • Fixed in https://svn.apache.org/viewvc?view=revision&revision=1600984 (8.x)

  • Fixed in https://svn.apache.org/viewvc?view=revision&revision=1601332 (8.x)

EPSS

Percentile: 99%
0.83786
High

Related vulnerabilities

ubuntu
more than 10 years ago

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

redhat
more than 10 years ago

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

nvd
more than 10 years ago

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

github
about 3 years ago

Improper Input Validation in Apache Tomcat

oracle-oval
about 10 years ago

ELSA-2015-0991: tomcat6 security and bug fix update (MODERATE)
