CVE-2014-0075

MEDIUM severity · CVSS 5 · CWE-189

5CVSS MEDIUM

Summary

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges required—

User interaction—

Confidentiality impactNone

Integrity impactNone

Availability impact—

Exploit probability (EPSS)47%

AV:N/AC:L/Au:N/C:N/I:N/A:P

Affected products we track (1)

Apache Tomcat

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Additional information

NVD record
http://advisories.mageia.org/MGASA-2014-0268.html
http://linux.oracle.com/errata/ELSA-2014-0865.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
http://marc.info/?l=bugtraq&m=141017844705317&w=2
http://marc.info/?l=bugtraq&m=141390017113542&w=2
http://marc.info/?l=bugtraq&m=144498216801440&w=2
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html