6.4
CVSSv2

CVE-2014-0227

Published: 16/02/2015 Updated: 15/04/2019
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x prior to 6.0.42, 7.x prior to 7.0.55, and 8.x prior to 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote malicious users to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Affected Products

Vendor Product Versions
ApacheTomcat6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.24, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 6.0.30, 6.0.31, 6.0.32, 6.0.33, 6.0.35, 6.0.36, 6.0.37, 6.0.39, 6.0.41, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.36, 7.0.37, 7.0.38, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.43, 7.0.44, 7.0.45, 7.0.46, 7.0.47, 7.0.48, 7.0.49, 7.0.50, 7.0.52, 7.0.53, 7.0.54, 8.0.0, 8.0.1, 8.0.3, 8.0.5, 8.0.8

Vendor Advisories

Several security issues were fixed in Tomcat ...
It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service ...
Several security issues were fixed in Tomcat ...
It was discovered that malicious web applications could use the Expression Language to bypass protections of a Security Manager as expressions were evaluated within a privileged code section For the oldstable distribution (wheezy), this problem has been fixed in version 7028-4+deb7u3 This update also provides fixes for CVE-2013-4444, CVE-2014-0 ...
It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources (CVE-2014-0075 ...
It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources (CVE-2014-0075 ...
<!-- Start - Changes for Security Advisory Channel --> Security Advisory ID SYMSA1329 Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score: Legacy ID 23 Jul 2015 Open High CVSS v2: 78 SA100 ...
<!-- content goes here --> Oracle Solaris Third Party Bulletin - April 2015 Description The Oracle Solaris Third Party Bulletin announces patches for one or more security vulnerabilities fixed in third party software that is included in Oracle Solaris distributions Starting January 20, 2015, Third Party Bulletins are released on the same day when ...
Oracle Critical Patch Update Advisory - October 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
Oracle Critical Patch Update Advisory - July 2015 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus, prior Critical Patch U ...

References

CWE-19http://advisories.mageia.org/MGASA-2015-0081.htmlhttp://archives.neohapsis.com/archives/bugtraq/2015-02/0067.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.htmlhttp://marc.info/?l=bugtraq&m=143393515412274&w=2http://marc.info/?l=bugtraq&m=143403519711434&w=2http://rhn.redhat.com/errata/RHSA-2015-0675.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0720.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0765.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0983.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0991.htmlhttp://svn.apache.org/viewvc?view=revision&revision=1600984http://tomcat.apache.org/security-6.htmlhttp://tomcat.apache.org/security-7.htmlhttp://tomcat.apache.org/security-8.htmlhttp://www.debian.org/security/2016/dsa-3447http://www.debian.org/security/2016/dsa-3530http://www.mandriva.com/security/advisories?name=MDVSA-2015:052http://www.mandriva.com/security/advisories?name=MDVSA-2015:053http://www.mandriva.com/security/advisories?name=MDVSA-2015:084http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.securityfocus.com/bid/72717http://www.securitytracker.com/id/1032791http://www.ubuntu.com/usn/USN-2654-1http://www.ubuntu.com/usn/USN-2655-1https://bugzilla.redhat.com/show_bug.cgi?id=1109196https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3Ehttps://source.jboss.org/changelog/JBossWeb?cs=2455https://www.rapid7.com/db/vulnerabilities/linuxrpm-ELSA-2015-0991http://tools.cisco.com/security/center/viewAlert.x?alertId=37408https://nvd.nist.govhttps://usn.ubuntu.com/2655-1/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2015-0991