Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2014-0227
Last Modified: 16 Jul 2015 09:59:46
Published: 15 Feb 2015 07:59:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-0227

Summary

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Vulnerable Systems

Application

  • Apache Tomcat 6.0.0

  • Apache Tomcat 6.0.1

  • Apache Tomcat 6.0.10

  • Apache Tomcat 6.0.11

  • Apache Tomcat 6.0.12

  • Apache Tomcat 6.0.13

  • Apache Tomcat 6.0.14

  • Apache Tomcat 6.0.15

  • Apache Tomcat 6.0.16

  • Apache Tomcat 6.0.17

  • Apache Tomcat 6.0.18

  • Apache Tomcat 6.0.19

  • Apache Tomcat 6.0.2

  • Apache Tomcat 6.0.20

  • Apache Tomcat 6.0.24

  • Apache Tomcat 6.0.26

  • Apache Tomcat 6.0.27

  • Apache Tomcat 6.0.28

  • Apache Tomcat 6.0.29

  • Apache Tomcat 6.0.3

  • Apache Tomcat 6.0.30

  • Apache Tomcat 6.0.31

  • Apache Tomcat 6.0.32

  • Apache Tomcat 6.0.33

  • Apache Tomcat 6.0.35

  • Apache Tomcat 6.0.36

  • Apache Tomcat 6.0.37

  • Apache Tomcat 6.0.39

  • Apache Tomcat 6.0.4

  • Apache Tomcat 6.0.41

  • Apache Tomcat 6.0.5

  • Apache Tomcat 6.0.6

  • Apache Tomcat 6.0.7

  • Apache Tomcat 6.0.8

  • Apache Tomcat 6.0.9

  • Apache Tomcat 7.0.0

  • Apache Tomcat 7.0.1

  • Apache Tomcat 7.0.10

  • Apache Tomcat 7.0.11

  • Apache Tomcat 7.0.12

  • Apache Tomcat 7.0.13

  • Apache Tomcat 7.0.14

  • Apache Tomcat 7.0.15

  • Apache Tomcat 7.0.16

  • Apache Tomcat 7.0.17

  • Apache Tomcat 7.0.18

  • Apache Tomcat 7.0.19

  • Apache Tomcat 7.0.2

  • Apache Tomcat 7.0.20

  • Apache Tomcat 7.0.21

  • Apache Tomcat 7.0.22

  • Apache Tomcat 7.0.23

  • Apache Tomcat 7.0.24

  • Apache Tomcat 7.0.25

  • Apache Tomcat 7.0.26

  • Apache Tomcat 7.0.27

  • Apache Tomcat 7.0.28

  • Apache Tomcat 7.0.29

  • Apache Tomcat 7.0.3

  • Apache Tomcat 7.0.30

  • Apache Tomcat 7.0.31

  • Apache Tomcat 7.0.32

  • Apache Tomcat 7.0.33

  • Apache Tomcat 7.0.34

  • Apache Tomcat 7.0.35

  • Apache Tomcat 7.0.36

  • Apache Tomcat 7.0.37

  • Apache Tomcat 7.0.38

  • Apache Tomcat 7.0.39

  • Apache Tomcat 7.0.4

  • Apache Tomcat 7.0.40

  • Apache Tomcat 7.0.41

  • Apache Tomcat 7.0.42

  • Apache Tomcat 7.0.43

  • Apache Tomcat 7.0.44

  • Apache Tomcat 7.0.45

  • Apache Tomcat 7.0.46

  • Apache Tomcat 7.0.47

  • Apache Tomcat 7.0.48

  • Apache Tomcat 7.0.49

  • Apache Tomcat 7.0.5

  • Apache Tomcat 7.0.50

  • Apache Tomcat 7.0.52

  • Apache Tomcat 7.0.53

  • Apache Tomcat 7.0.54

  • Apache Tomcat 7.0.6

  • Apache Tomcat 7.0.7

  • Apache Tomcat 7.0.8

  • Apache Tomcat 7.0.9

  • Apache Tomcat 8.0.0

  • Apache Tomcat 8.0.1

  • Apache Tomcat 8.0.3

  • Apache Tomcat 8.0.5

  • Apache Tomcat 8.0.8


References

CONFIRM - https://source.jboss.org/changelog/JBossWeb?cs=2455

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1109196

CONFIRM - http://tomcat.apache.org/security-8.html

CONFIRM - http://tomcat.apache.org/security-7.html

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1600984

BUGTRAQ - 20150209 [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling

FEDORA - FEDORA-2015-2109

BID - 72717

MANDRIVA - MDVSA-2015:052

REDHAT - RHSA-2015:0675

CONFIRM - http://advisories.mageia.org/MGASA-2015-0081.html

MANDRIVA - MDVSA-2015:053

REDHAT - RHSA-2015:0720

MANDRIVA - MDVSA-2015:084

REDHAT - RHSA-2015:0765

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Related Patches

SUN122911-34 Solaris 10 SPARC: Apache 1.3 Patch

SUN122912-34 Solaris 10 x86: Apache 1.3 Patch

Novell SUSE 2015:10813 tomcat6 security update for SLES 11 SP3 i586

Novell SUSE 2015:10813 tomcat6 security update for SLES 11 SP3 x86_64


Last Updated: 27 May 2016 11:08:06