|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-10-15 | |
| Rule Name: | Apache Tomcat ChunkedInputFilter Denial of Service Vulnerability (CVE-2014-0227) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding. | |
| Impact: | An attacker can launch a denial of service attack by exploiting the vulnerability successfully. | |
| Affected OS: | Windows, Others | |
| Reference: | SecurityFocusBID:72717 http://advisories.mageia.org/MGASA-2015-0081.html http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: http://tomcat.apache.org/security-6.html |