CVE-2014-0230

Published: Jun 7, 2015Modified: May 6, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Affected (114)

Products: Apache: Tomcat · Oracle: Virtualization

1 product

1 product

Configuration A

111 vulnerable

Vulnerable Software	Affected Versions
Apache Tomcat	Version 6.0.0
Apache Tomcat	Version 6.0.0 alpha
Apache Tomcat	Version 6.0.10
Apache Tomcat	Version 6.0.11
Apache Tomcat	Version 6.0.12
Apache Tomcat	Version 6.0.13
Apache Tomcat	Version 6.0.14
Apache Tomcat	Version 6.0.15
Apache Tomcat	Version 6.0.16
Apache Tomcat	Version 6.0.17
Apache Tomcat	Version 6.0.18
Apache Tomcat	Version 6.0.19
Apache Tomcat	Version 6.0.1
Apache Tomcat	Version 6.0.1 alpha
Apache Tomcat	Version 6.0.20
Apache Tomcat	Version 6.0.24
Apache Tomcat	Version 6.0.26
Apache Tomcat	Version 6.0.27
Apache Tomcat	Version 6.0.28
Apache Tomcat	Version 6.0.29
Apache Tomcat	Version 6.0.2
Apache Tomcat	Version 6.0.2 alpha
Apache Tomcat	Version 6.0.2 beta
Apache Tomcat	Version 6.0.30
Apache Tomcat	Version 6.0.31
Apache Tomcat	Version 6.0.32
Apache Tomcat	Version 6.0.33
Apache Tomcat	Version 6.0.35
Apache Tomcat	Version 6.0.36
Apache Tomcat	Version 6.0.37
Apache Tomcat	Version 6.0.39
Apache Tomcat	Version 6.0.3
Apache Tomcat	Version 6.0.41
Apache Tomcat	Version 6.0.43
Apache Tomcat	Version 6.0.4
Apache Tomcat	Version 6.0.4 alpha
Apache Tomcat	Version 6.0.5
Apache Tomcat	Version 6.0.6
Apache Tomcat	Version 6.0.6 alpha
Apache Tomcat	Version 6.0.7
Apache Tomcat	Version 6.0.7 alpha
Apache Tomcat	Version 6.0.7 beta
Apache Tomcat	Version 6.0.8
Apache Tomcat	Version 6.0.8 alpha
Apache Tomcat	Version 6.0.9
Apache Tomcat	Version 6.0.9 beta
Apache Tomcat	Version 7.0.0
Apache Tomcat	Version 7.0.0 beta
Apache Tomcat	Version 7.0.10
Apache Tomcat	Version 7.0.11
Apache Tomcat	Version 7.0.12
Apache Tomcat	Version 7.0.13
Apache Tomcat	Version 7.0.14
Apache Tomcat	Version 7.0.15
Apache Tomcat	Version 7.0.16
Apache Tomcat	Version 7.0.17
Apache Tomcat	Version 7.0.18
Apache Tomcat	Version 7.0.19
Apache Tomcat	Version 7.0.1
Apache Tomcat	Version 7.0.20
Apache Tomcat	Version 7.0.21
Apache Tomcat	Version 7.0.22
Apache Tomcat	Version 7.0.23
Apache Tomcat	Version 7.0.24
Apache Tomcat	Version 7.0.25
Apache Tomcat	Version 7.0.26
Apache Tomcat	Version 7.0.27
Apache Tomcat	Version 7.0.28
Apache Tomcat	Version 7.0.29
Apache Tomcat	Version 7.0.2
Apache Tomcat	Version 7.0.2 beta
Apache Tomcat	Version 7.0.30
Apache Tomcat	Version 7.0.31
Apache Tomcat	Version 7.0.32
Apache Tomcat	Version 7.0.33
Apache Tomcat	Version 7.0.34
Apache Tomcat	Version 7.0.35
Apache Tomcat	Version 7.0.36
Apache Tomcat	Version 7.0.37
Apache Tomcat	Version 7.0.38
Apache Tomcat	Version 7.0.39
Apache Tomcat	Version 7.0.3
Apache Tomcat	Version 7.0.40
Apache Tomcat	Version 7.0.41
Apache Tomcat	Version 7.0.42
Apache Tomcat	Version 7.0.43
Apache Tomcat	Version 7.0.44
Apache Tomcat	Version 7.0.45
Apache Tomcat	Version 7.0.46
Apache Tomcat	Version 7.0.47
Apache Tomcat	Version 7.0.48
Apache Tomcat	Version 7.0.49
Apache Tomcat	Version 7.0.4
Apache Tomcat	Version 7.0.4 beta
Apache Tomcat	Version 7.0.50
Apache Tomcat	Version 7.0.52
Apache Tomcat	Version 7.0.53
Apache Tomcat	Version 7.0.54
Apache Tomcat	Version 7.0.5
Apache Tomcat	Version 7.0.6
Apache Tomcat	Version 7.0.7
Apache Tomcat	Version 7.0.8
Apache Tomcat	Version 7.0.9
Apache Tomcat	Version 8.0.0 rc10
Apache Tomcat	Version 8.0.0 rc1
Apache Tomcat	Version 8.0.0 rc2
Apache Tomcat	Version 8.0.0 rc5
Apache Tomcat	Version 8.0.1
Apache Tomcat	Version 8.0.3
Apache Tomcat	Version 8.0.5
Apache Tomcat	Version 8.0.8

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Oracle Virtualization	Version 4.63
Oracle Virtualization	Version 4.71
Oracle Virtualization	Version 5.1

Related CWEs

CWE-399

References (78)

http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E

Source: secalert@redhat.com

Vendor Advisory

http://marc.info/?l=bugtraq&m=144498216801440&w=2

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=145974991225029&w=2

Source: secalert@redhat.com

http://openwall.com/lists/oss-security/2015/04/10/1

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1621.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-1622.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2015-2661.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-0595.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-0596.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-0597.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-0598.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2016-0599.html

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1603770

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1603775

Source: secalert@redhat.com

http://svn.apache.org/viewvc?view=revision&revision=1603779

Source: secalert@redhat.com

http://tomcat.apache.org/security-6.html

Source: secalert@redhat.com

PatchVendor Advisory

http://tomcat.apache.org/security-7.html

Source: secalert@redhat.com

PatchVendor Advisory

http://tomcat.apache.org/security-8.html

Source: secalert@redhat.com

PatchVendor Advisory

http://www.debian.org/security/2016/dsa-3447

Source: secalert@redhat.com

http://www.debian.org/security/2016/dsa-3530

Source: secalert@redhat.com

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Source: secalert@redhat.com

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/74475

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2654-1

Source: secalert@redhat.com

http://www.ubuntu.com/usn/USN-2655-1

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2015:2659

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2015:2660

Source: secalert@redhat.com

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

Source: secalert@redhat.com

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

Source: secalert@redhat.com

https://issues.jboss.org/browse/JWS-219

Source: secalert@redhat.com

https://issues.jboss.org/browse/JWS-220

Source: secalert@redhat.com

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Source: secalert@redhat.com

http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E