CVE-2014-0230

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://openwall.com/lists/oss-security/2015/04/10/1
http://svn.apache.org/viewvc?view=revision&revision=1603770
http://svn.apache.org/viewvc?view=revision&revision=1603779
http://tomcat.apache.org/security-6.html	Patch Vendor Advisory
http://svn.apache.org/viewvc?view=revision&revision=1603775
http://tomcat.apache.org/security-8.html	Patch Vendor Advisory
http://tomcat.apache.org/security-7.html	Patch Vendor Advisory
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.debian.org/security/2016/dsa-3530
http://rhn.redhat.com/errata/RHSA-2016-0599.html
http://rhn.redhat.com/errata/RHSA-2016-0597.html
http://rhn.redhat.com/errata/RHSA-2016-0598.html
http://rhn.redhat.com/errata/RHSA-2016-0595.html
http://rhn.redhat.com/errata/RHSA-2016-0596.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://marc.info/?l=bugtraq&m=144498216801440&w=2
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://rhn.redhat.com/errata/RHSA-2015-2661.html
https://access.redhat.com/errata/RHSA-2015:2659
https://access.redhat.com/errata/RHSA-2015:2660
https://issues.jboss.org/browse/JWS-220
https://issues.jboss.org/browse/JWS-219
http://www.debian.org/security/2016/dsa-3447
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
http://rhn.redhat.com/errata/RHSA-2015-1622.html
http://rhn.redhat.com/errata/RHSA-2015-1621.html
http://www.ubuntu.com/usn/USN-2655-1
http://www.securityfocus.com/bid/74475
http://www.ubuntu.com/usn/USN-2654-1
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:tomcat:6.0.10:::::::*
	cpe:2.3:a:apache:tomcat:6.0.11:::::::*
	cpe:2.3:a:apache:tomcat:6.0.18:::::::*
	cpe:2.3:a:apache:tomcat:6.0.19:::::::*
	cpe:2.3:a:apache:tomcat:6.0.28:::::::*
	cpe:2.3:a:apache:tomcat:6.0.29:::::::*
	cpe:2.3:a:apache:tomcat:6.0.36:::::::*
	cpe:2.3:a:apache:tomcat:6.0.37:::::::*
	cpe:2.3:a:apache:tomcat:6.0.6:::::::*
	cpe:2.3:a:apache:tomcat:6.0.6:alpha::::::
	cpe:2.3:a:apache:tomcat:7.0.0:::::::*
	cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
	cpe:2.3:a:apache:tomcat:7.0.53:::::::*
	cpe:2.3:a:apache:tomcat:7.0.22:::::::*
	cpe:2.3:a:apache:tomcat:6.0.15:::::::*
	cpe:2.3:a:apache:tomcat:8.0.0:rc2::::::
	cpe:2.3:a:apache:tomcat:6.0.20:::::::*
	cpe:2.3:a:apache:tomcat:6.0.31:::::::*
	cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.44:::::::*
	cpe:2.3:a:apache:tomcat:7.0.52:::::::*
	cpe:2.3:a:apache:tomcat:7.0.37:::::::*
	cpe:2.3:a:apache:tomcat:8.0.0:rc10::::::
	cpe:2.3:a:apache:tomcat:6.0.0:::::::*
	cpe:2.3:a:apache:tomcat:6.0.14:::::::*
	cpe:2.3:a:apache:tomcat:7.0.30:::::::*
	cpe:2.3:a:apache:tomcat:7.0.15:::::::*
	cpe:2.3:a:apache:tomcat:7.0.16:::::::*
	cpe:2.3:a:apache:tomcat:7.0.43:::::::*
	cpe:2.3:a:apache:tomcat:7.0.38:::::::*
	cpe:2.3:a:apache:tomcat:7.0.21:::::::*
	cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
	cpe:2.3:a:apache:tomcat:7.0.3:::::::*
	cpe:2.3:a:apache:tomcat:7.0.49:::::::*
	cpe:2.3:a:apache:tomcat:6.0.39:::::::*
	cpe:2.3:a:apache:tomcat:7.0.12:::::::*
	cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::
	cpe:2.3:a:apache:tomcat:7.0.34:::::::*
	cpe:2.3:a:apache:tomcat:7.0.8:::::::*
	cpe:2.3:a:apache:tomcat:7.0.1:::::::*
	cpe:2.3:a:apache:tomcat:7.0.2:::::::*
	cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
	cpe:2.3:a:apache:tomcat:6.0.7:::::::*
	cpe:2.3:a:apache:tomcat:6.0.4:::::::*
	cpe:2.3:a:apache:tomcat:7.0.39:::::::*
	cpe:2.3:a:apache:tomcat:7.0.26:::::::*
	cpe:2.3:a:apache:tomcat:7.0.46:::::::*
	cpe:2.3:a:apache:tomcat:8.0.5:::::::*
	cpe:2.3:a:apache:tomcat:7.0.18:::::::*
	cpe:2.3:a:apache:tomcat:7.0.48:::::::*
	cpe:2.3:a:apache:tomcat:7.0.11:::::::*
	cpe:2.3:a:apache:tomcat:6.0.3:::::::*
	cpe:2.3:a:apache:tomcat:7.0.23:::::::*
	cpe:2.3:a:apache:tomcat:6.0.7:alpha::::::
	cpe:2.3:a:apache:tomcat:7.0.7:::::::*
	cpe:2.3:a:apache:tomcat:6.0.32:::::::*
	cpe:2.3:a:apache:tomcat:7.0.45:::::::*
	cpe:2.3:a:apache:tomcat:7.0.31:::::::*
	cpe:2.3:a:apache:tomcat:7.0.19:::::::*
	cpe:2.3:a:apache:tomcat:6.0.41:::::::*
	cpe:2.3:a:apache:tomcat:7.0.10:::::::*
	cpe:2.3:a:apache:tomcat:7.0.25:::::::*
	cpe:2.3:a:apache:tomcat:6.0.12:::::::*
	cpe:2.3:a:apache:tomcat:8.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.7:beta::::::
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:8.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.6:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:6.0.9:beta::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:6.0.9:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.47:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.54:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::
cpe:2.3:a:apache:tomcat:6.0.43:::::::*
cpe:2.3:a:apache:tomcat:6.0.5:::::::*
cpe:2.3:a:apache:tomcat:7.0.9:::::::*
cpe:2.3:a:apache:tomcat:8.0.8:::::::*
cpe:2.3:a:apache:tomcat:6.0.8:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:oracle:virtualization:4.71:::::::*
	cpe:2.3:a:oracle:virtualization:4.63:::::::*
	cpe:2.3:a:oracle:virtualization:5.1:::::::*

Information

Published : 2015-06-07 16:59

Updated : 2019-04-15 09:30

NVD link : CVE-2014-0230

Mitre link : CVE-2014-0230

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

apache

tomcat

oracle

virtualization

7.8 /10