Описание
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| devel | DNE | |
| esm-apps/xenial | released | 6.0.45+dfsg-1 |
| esm-infra-legacy/trusty | not-affected | 6.0.39-1ubuntu0.1 |
| lucid | ignored | end of life |
| precise | released | 6.0.35-1ubuntu3.6 |
| precise/esm | not-affected | 6.0.35-1ubuntu3.6 |
| trusty | released | 6.0.39-1ubuntu0.1 |
| trusty/esm | not-affected | 6.0.39-1ubuntu0.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | |
| bionic | not-affected | |
| devel | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-apps/xenial | not-affected | |
| esm-infra-legacy/trusty | not-affected | 7.0.52-1ubuntu0.3 |
| lucid | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | released | 7.0.52-1ubuntu0.3 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | |
| bionic | not-affected | |
| devel | not-affected | |
| esm-apps/bionic | not-affected | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/xenial | not-affected | |
| lucid | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apach ...
ELSA-2015-0991: tomcat6 security and bug fix update (MODERATE)
EPSS
6.4 Medium
CVSS2