CVE-2014-0227

Published: Feb 16, 2015Modified: May 6, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Affected (110)

Products: Apache: Tomcat

Apache

1 product

Tomcat

Configuration A

110 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 6.0.0
Apache Tomcat	Version 6.0.0 alpha
Apache Tomcat	Version 6.0.10
Apache Tomcat	Version 6.0.11
Apache Tomcat	Version 6.0.12
Apache Tomcat	Version 6.0.13
Apache Tomcat	Version 6.0.14
Apache Tomcat	Version 6.0.15
Apache Tomcat	Version 6.0.16
Apache Tomcat	Version 6.0.17
Apache Tomcat	Version 6.0.18
Apache Tomcat	Version 6.0.19
Apache Tomcat	Version 6.0.1
Apache Tomcat	Version 6.0.1 alpha
Apache Tomcat	Version 6.0.20
Apache Tomcat	Version 6.0.24
Apache Tomcat	Version 6.0.26
Apache Tomcat	Version 6.0.27
Apache Tomcat	Version 6.0.28
Apache Tomcat	Version 6.0.29
Apache Tomcat	Version 6.0.2
Apache Tomcat	Version 6.0.2 alpha
Apache Tomcat	Version 6.0.2 beta
Apache Tomcat	Version 6.0.30
Apache Tomcat	Version 6.0.31
Apache Tomcat	Version 6.0.32
Apache Tomcat	Version 6.0.33
Apache Tomcat	Version 6.0.35
Apache Tomcat	Version 6.0.36
Apache Tomcat	Version 6.0.37
Apache Tomcat	Version 6.0.39
Apache Tomcat	Version 6.0.3
Apache Tomcat	Version 6.0.41
Apache Tomcat	Version 6.0.4
Apache Tomcat	Version 6.0.4 alpha
Apache Tomcat	Version 6.0.5
Apache Tomcat	Version 6.0.6
Apache Tomcat	Version 6.0.6 alpha
Apache Tomcat	Version 6.0.7
Apache Tomcat	Version 6.0.7 alpha
Apache Tomcat	Version 6.0.7 beta
Apache Tomcat	Version 6.0.8
Apache Tomcat	Version 6.0.8 alpha
Apache Tomcat	Version 6.0.9
Apache Tomcat	Version 6.0.9 beta
Apache Tomcat	Version 7.0.0
Apache Tomcat	Version 7.0.0 beta
Apache Tomcat	Version 7.0.10
Apache Tomcat	Version 7.0.11
Apache Tomcat	Version 7.0.12
Apache Tomcat	Version 7.0.13
Apache Tomcat	Version 7.0.14
Apache Tomcat	Version 7.0.15
Apache Tomcat	Version 7.0.16
Apache Tomcat	Version 7.0.17
Apache Tomcat	Version 7.0.18
Apache Tomcat	Version 7.0.19
Apache Tomcat	Version 7.0.1
Apache Tomcat	Version 7.0.20
Apache Tomcat	Version 7.0.21
Apache Tomcat	Version 7.0.22
Apache Tomcat	Version 7.0.23
Apache Tomcat	Version 7.0.24
Apache Tomcat	Version 7.0.25
Apache Tomcat	Version 7.0.26
Apache Tomcat	Version 7.0.27
Apache Tomcat	Version 7.0.28
Apache Tomcat	Version 7.0.29
Apache Tomcat	Version 7.0.2
Apache Tomcat	Version 7.0.2 beta
Apache Tomcat	Version 7.0.30
Apache Tomcat	Version 7.0.31
Apache Tomcat	Version 7.0.32
Apache Tomcat	Version 7.0.33
Apache Tomcat	Version 7.0.34
Apache Tomcat	Version 7.0.35
Apache Tomcat	Version 7.0.36
Apache Tomcat	Version 7.0.37
Apache Tomcat	Version 7.0.38
Apache Tomcat	Version 7.0.39
Apache Tomcat	Version 7.0.3
Apache Tomcat	Version 7.0.40
Apache Tomcat	Version 7.0.41
Apache Tomcat	Version 7.0.42
Apache Tomcat	Version 7.0.43
Apache Tomcat	Version 7.0.44
Apache Tomcat	Version 7.0.45
Apache Tomcat	Version 7.0.46
Apache Tomcat	Version 7.0.47
Apache Tomcat	Version 7.0.48
Apache Tomcat	Version 7.0.49
Apache Tomcat	Version 7.0.4
Apache Tomcat	Version 7.0.4 beta
Apache Tomcat	Version 7.0.50
Apache Tomcat	Version 7.0.52
Apache Tomcat	Version 7.0.53
Apache Tomcat	Version 7.0.54
Apache Tomcat	Version 7.0.5
Apache Tomcat	Version 7.0.6
Apache Tomcat	Version 7.0.7
Apache Tomcat	Version 7.0.8
Apache Tomcat	Version 7.0.9
Apache Tomcat	Version 8.0.0 rc10
Apache Tomcat	Version 8.0.0 rc1
Apache Tomcat	Version 8.0.0 rc2
Apache Tomcat	Version 8.0.0 rc5
Apache Tomcat	Version 8.0.1
Apache Tomcat	Version 8.0.3
Apache Tomcat	Version 8.0.5
Apache Tomcat	Version 8.0.8

Related CWEs

CWE-19

References (70)

http://advisories.mageia.org/MGASA-2015-0081.html

Source: secalert@redhat.com

http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=143393515412274&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=143403519711434&w=2

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-0675.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-0720.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-0765.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-0983.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-0991.html

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1600984

Source: secalert@redhat.com

http://tomcat.apache.org/security-6.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-7.html

Source: secalert@redhat.com

Vendor Advisory

http://tomcat.apache.org/security-8.html

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2016/dsa-3447

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3530

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2015:052

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2015:053

Source: secalert@redhat.com

http://www.mandriva.com/security/advisories?name=MDVSA-2015:084

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/72717

Source: secalert@redhat.com

http://www.securitytracker.com/id/1032791

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2654-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2655-1

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1109196

Source: secalert@redhat.com

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://source.jboss.org/changelog/JBossWeb?cs=2455

Source: secalert@redhat.com

http://advisories.mageia.org/MGASA-2015-0081.html