UNKNOWN Maven
Uncontrolled Resource Consumption in Apache Tomcat
GHSA-pxcx-cxq8-4mmw · CVE-2014-0230
Published · Modified
Description
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2014-0230
- WEB https://github.com/apache/tomcat/commit/6b2cfacf749be186ea77249a979af1d4863e47ba
- WEB https://github.com/apache/tomcat/commit/812088583d0e60717a8fe9c6d14e12bcdc3e6c51
- WEB https://github.com/apache/tomcat/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1
- WEB https://github.com/apache/tomcat/commit/c1357e649641844109711d60cacb98e4b5fcd3cb
- WEB https://github.com/apache/tomcat/commit/e28dd578fad90a6d5726ec34f3245c9f99d909a5
- WEB https://github.com/apache/tomcat/commit/e3146f4b03a2386c3e57597e86134d4ed5c31303
- WEB https://github.com/apache/tomcat/commit/fc049912464f0dcf9dede3761f38049369057e16
- WEB https://github.com/apache/tomcat/commit/fdd9f11dc24b95e5425076abb58e968336f320a2
- WEB https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
- WEB https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
- WEB https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
- WEB https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
- WEB https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
- WEB https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
- WEB https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
- WEB https://issues.jboss.org/browse/JWS-220
- WEB https://issues.jboss.org/browse/JWS-219
- WEB https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
- WEB https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
- PACKAGE https://github.com/apache/tomcat
- WEB https://access.redhat.com/errata/RHSA-2015:2660
- WEB https://access.redhat.com/errata/RHSA-2015:2659
- WEB http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E
- WEB http://marc.info/?l=bugtraq&m=144498216801440&w=2
- WEB http://marc.info/?l=bugtraq&m=145974991225029&w=2
- WEB http://openwall.com/lists/oss-security/2015/04/10/1
- WEB http://rhn.redhat.com/errata/RHSA-2015-1622.html
- WEB http://rhn.redhat.com/errata/RHSA-2016-0595.html
- WEB http://rhn.redhat.com/errata/RHSA-2016-0596.html
- WEB http://rhn.redhat.com/errata/RHSA-2016-0597.html
- WEB http://rhn.redhat.com/errata/RHSA-2016-0598.html
- WEB http://svn.apache.org/viewvc?view=revision&revision=1603770
- WEB http://svn.apache.org/viewvc?view=revision&revision=1603775
- WEB http://svn.apache.org/viewvc?view=revision&revision=1603779
- WEB http://tomcat.apache.org/security-6.html
- WEB http://tomcat.apache.org/security-7.html
- WEB http://tomcat.apache.org/security-8.html
- WEB http://www.debian.org/security/2016/dsa-3447
- WEB http://www.debian.org/security/2016/dsa-3530
- WEB http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- WEB http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- WEB http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- WEB http://www.ubuntu.com/usn/USN-2654-1
- WEB http://www.ubuntu.com/usn/USN-2655-1
Ready to move
Start Securing
Free, no credit card | First findings in minutes