Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat prior to 6.0.40, 7.x prior to 7.0.53, and 8.x prior to 8.0.4 allows remote malicious users to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
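
The bug class described above, as an added illustration that is not Tomcat's `ChunkedInputFilter` code and not part of the original page: a hex chunk-size parser that accumulates into an `int` with no bound, beside a version that rejects any value that does not fit. The class name, method names and sample size lines are hypothetical and constructed for this example.

```java
// Added illustration: simplified chunk-size parsing, NOT Tomcat's actual code.
public class ChunkSizeDemo {

    /** Naive parser: accumulates hex digits into an int with no bound, so large values silently wrap. */
    static int parseUnchecked(String hex) {
        int result = 0;
        for (char c : hex.toCharArray()) {
            int d = Character.digit(c, 16);
            if (d < 0) throw new IllegalArgumentException("bad hex digit: " + c);
            result = result * 16 + d; // no overflow check: wraps past Integer.MAX_VALUE
        }
        return result;
    }

    /** Hardened parser: rejects any size line whose value does not fit in a non-negative int. */
    static int parseChecked(String hex) {
        if (hex.isEmpty()) throw new IllegalArgumentException("empty chunk size");
        long result = 0; // wider accumulator so the bound can be tested before narrowing
        for (char c : hex.toCharArray()) {
            int d = Character.digit(c, 16);
            if (d < 0) throw new IllegalArgumentException("bad hex digit: " + c);
            result = (result << 4) | d;
            if (result > Integer.MAX_VALUE) {
                throw new IllegalArgumentException("chunk size too large");
            }
        }
        return (int) result;
    }

    public static void main(String[] args) {
        // Constructed sample size lines (hex digits only, as they would precede CRLF in a chunked body).
        String[] samples = {"1a", "7fffffff", "80000000", "fffffffff"};
        for (String s : samples) {
            String checked;
            try {
                checked = String.valueOf(parseChecked(s));
            } catch (IllegalArgumentException e) {
                checked = "rejected (" + e.getMessage() + ")";
            }
            System.out.printf("%-12s unchecked=%-12d checked=%s%n", s, parseUnchecked(s), checked);
        }
    }
}
```
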

| Vulnerable Product |
|---|
| apache tomcat 7.0.0 |
| apache tomcat 7.0.1 |
| apache tomcat 7.0.2 |
| apache tomcat 7.0.3 |
| apache tomcat 7.0.4 |
| apache tomcat 7.0.5 |
| apache tomcat 7.0.6 |
| apache tomcat 7.0.7 |
| apache tomcat 7.0.8 |
| apache tomcat 7.0.9 |
| apache tomcat 7.0.10 |
| apache tomcat 7.0.11 |
| apache tomcat 7.0.12 |
| apache tomcat 7.0.13 |
| apache tomcat 7.0.14 |
| apache tomcat 7.0.15 |
| apache tomcat 7.0.16 |
| apache tomcat 7.0.17 |
| apache tomcat 7.0.18 |
| apache tomcat 7.0.19 |
| apache tomcat 7.0.20 |
| apache tomcat 7.0.21 |
| apache tomcat 7.0.22 |
| apache tomcat 7.0.23 |
| apache tomcat 7.0.24 |
| apache tomcat 7.0.25 |
| apache tomcat 7.0.26 |
| apache tomcat 7.0.27 |
| apache tomcat 7.0.28 |
| apache tomcat 7.0.29 |
| apache tomcat 7.0.30 |
| apache tomcat 7.0.31 |
| apache tomcat 7.0.32 |
| apache tomcat 7.0.33 |
| apache tomcat 7.0.34 |
| apache tomcat 7.0.35 |
| apache tomcat 7.0.36 |
| apache tomcat 7.0.37 |
| apache tomcat 7.0.38 |
| apache tomcat 7.0.39 |
| apache tomcat 7.0.40 |
| apache tomcat 7.0.41 |
| apache tomcat 7.0.42 |
| apache tomcat 7.0.43 |
| apache tomcat 7.0.44 |
| apache tomcat 7.0.45 |
| apache tomcat 7.0.46 |
| apache tomcat 7.0.47 |
| apache tomcat 7.0.48 |
| apache tomcat 7.0.49 |
| apache tomcat 7.0.50 |
| apache tomcat 7.0.52 |
| apache tomcat 8.0.0 |
| apache tomcat 8.0.1 |
| apache tomcat 8.0.3 |
| apache tomcat |
| apache tomcat 6 |
| apache tomcat 6.0 |
| apache tomcat 6.0.0 |
| apache tomcat 6.0.1 |
| apache tomcat 6.0.2 |
| apache tomcat 6.0.3 |
| apache tomcat 6.0.4 |
| apache tomcat 6.0.5 |
| apache tomcat 6.0.6 |
| apache tomcat 6.0.7 |
| apache tomcat 6.0.8 |
| apache tomcat 6.0.9 |
| apache tomcat 6.0.10 |
| apache tomcat 6.0.11 |
| apache tomcat 6.0.12 |
| apache tomcat 6.0.13 |
| apache tomcat 6.0.14 |
| apache tomcat 6.0.15 |
| apache tomcat 6.0.16 |
| apache tomcat 6.0.17 |
| apache tomcat 6.0.18 |
| apache tomcat 6.0.19 |
| apache tomcat 6.0.20 |
| apache tomcat 6.0.24 |
| apache tomcat 6.0.26 |
| apache tomcat 6.0.27 |
| apache tomcat 6.0.28 |
| apache tomcat 6.0.29 |
| apache tomcat 6.0.30 |
| apache tomcat 6.0.31 |
| apache tomcat 6.0.32 |
| apache tomcat 6.0.33 |
| apache tomcat 6.0.35 |
| apache tomcat 6.0.36 |
| apache tomcat 6.0.37 |

Versions 6, 7 and 8 contain bugs
Apache has patched a series of low-level bugs in Tomcat that allowed attackers to launch denial of service attacks and bypass file access restrictions. The vulnerabilities affected versions six, seven and eight of the popular open source web server. They were discovered from February to April and patched in late May. One of the information disclosure bugs affecting version six (CVE-2014-0096) allowed a malicious web app to bypass file access constraints under certain conditions: One of the DoS bugs (CVE-2014-00...