CVE-2014-0227 – org.apache.tomcat:tomcat
Package
Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=6.0.0 <6.0.42 || >=7.0.0 <7.0.55 || >=8.0.0 <8.0.9
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.85997 (percentile 0.9935)
Details
Improper Input Validation in Apache Tomcat

`java/org/apache/coyote/http11/filters/ChunkedInputFilter.java` in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
Metadata
Created: 2022-05-14T01:10:18Z
Modified: 2024-04-16T16:03:44Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-42j3-498q-m6vp/GHSA-42j3-498q-m6vp.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-42j3-498q-m6vp
Finding: F184
Auto approve: 1