CVE-2014-0230 – org.apache.tomcat:tomcat

Package

Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=6.0.0 <6.0.44 || >=7.0.0 <7.0.55 || >=8.0.0 <8.0.9

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

EPSS: 0.0794 pctl0.91713

Details

Uncontrolled Resource Consumption in Apache Tomcat Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Metadata

Created: 2022-05-14T01:10:18Z
Modified: 2024-03-01T16:10:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pxcx-cxq8-4mmw/GHSA-pxcx-cxq8-4mmw.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-pxcx-cxq8-4mmw
Finding: F067
Auto approve: 1