CVE-2014-0227

Severity

64%

Complexity

99%

Confidentiality

81%

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P).

Overview

Type

Apache Software Foundation Tomcat

First reported 10 years ago

2015-02-16 00:59:00

Last updated 5 years ago

2019-04-15 16:29:00

Affected Software

Apache Software Foundation Tomcat 6.0.0

6.0.0

Apache Software Foundation Tomcat 6.0.0 alpha

6.0.0

Apache Software Foundation Tomcat 6.0.1

6.0.1

Apache Software Foundation Tomcat 6.0.1 alpha

6.0.1

Apache Software Foundation Tomcat 6.0.2

6.0.2

Apache Software Foundation Tomcat 6.0.2 alpha

6.0.2

Apache Software Foundation Tomcat 6.0.2 beta

6.0.2

Apache Software Foundation Tomcat 6.0.3

6.0.3

Apache Software Foundation Tomcat 6.0.4

6.0.4

Apache Software Foundation Tomcat 6.0.4 alpha

6.0.4

Apache Software Foundation Tomcat 6.0.5

6.0.5

Apache Software Foundation Tomcat 6.0.6

6.0.6

Apache Software Foundation Tomcat 6.0.6 alpha

6.0.6

Apache Software Foundation Tomcat 6.0.7

6.0.7

Apache Software Foundation Tomcat 6.0.7 alpha

6.0.7

Apache Software Foundation Tomcat 6.0.7 beta

6.0.7

Apache Software Foundation Tomcat 6.0.8

6.0.8

Apache Software Foundation Tomcat 6.0.8 alpha

6.0.8

Apache Software Foundation Tomcat 6.0.9

6.0.9

Apache Software Foundation Tomcat 6.0.9 beta

6.0.9

Apache Software Foundation Tomcat 6.0.10

6.0.10

Apache Software Foundation Tomcat 6.0.11

6.0.11

Apache Software Foundation Tomcat 6.0.12

6.0.12

Apache Software Foundation Tomcat 6.0.13

6.0.13

Apache Software Foundation Tomcat 6.0.14

6.0.14

Apache Software Foundation Tomcat 6.0.15

6.0.15

Apache Software Foundation Tomcat 6.0.16

6.0.16

Apache Software Foundation Tomcat 6.0.17

6.0.17

Apache Software Foundation Tomcat 6.0.18

6.0.18

Apache Software Foundation Tomcat 6.0.19

6.0.19

Apache Software Foundation Tomcat 6.0.20

6.0.20

Apache Software Foundation Tomcat 6.0.24

6.0.24

Apache Software Foundation Tomcat 6.0.26

6.0.26

Apache Software Foundation Tomcat 6.0.27

6.0.27

Apache Software Foundation Tomcat 6.0.28

6.0.28

Apache Software Foundation Tomcat 6.0.29

6.0.29

Apache Software Foundation Tomcat 6.0.30

6.0.30

Apache Software Foundation Tomcat 6.0.31

6.0.31

Apache Software Foundation Tomcat 6.0.32

6.0.32

Apache Software Foundation Tomcat 6.0.33

6.0.33

Apache Software Foundation Tomcat 6.0.35

6.0.35

Apache Software Foundation Tomcat 6.0.36

6.0.36

Apache Software Foundation Tomcat 6.0.37

6.0.37

Apache Software Foundation Tomcat 6.0.41

6.0.41

Apache Software Foundation Tomcat 7.0.0

7.0.0

Apache Software Foundation Tomcat 7.0.0 beta

7.0.0

Apache Software Foundation Tomcat 7.0.1

7.0.1

Apache Software Foundation Tomcat 7.0.2

7.0.2

Apache Software Foundation Tomcat 7.0.2 beta

7.0.2

Apache Software Foundation Tomcat 7.0.3

7.0.3

Apache Software Foundation Tomcat 7.0.4

7.0.4

Apache Software Foundation Tomcat 7.0.4 beta

7.0.4

Apache Software Foundation Tomcat 7.0.5

7.0.5

Apache Software Foundation Tomcat 7.0.6

7.0.6

Apache Software Foundation Tomcat 7.0.7

7.0.7

Apache Software Foundation Tomcat 7.0.8

7.0.8

Apache Software Foundation Tomcat 7.0.9

7.0.9

Apache Software Foundation Tomcat 7.0.10

7.0.10

Apache Software Foundation Tomcat 7.0.11

7.0.11

Apache Software Foundation Tomcat 7.0.12

7.0.12

Apache Software Foundation Tomcat 7.0.13

7.0.13

Apache Software Foundation Tomcat 7.0.14

7.0.14

Apache Software Foundation Tomcat 7.0.15

7.0.15

Apache Software Foundation Tomcat 7.0.16

7.0.16

Apache Software Foundation Tomcat 7.0.17

7.0.17

Apache Software Foundation Tomcat 7.0.18

7.0.18

Apache Software Foundation Tomcat 7.0.19

7.0.19

Apache Software Foundation Tomcat 7.0.20

7.0.20

Apache Software Foundation Tomcat 7.0.21

7.0.21

Apache Software Foundation Tomcat 7.0.22

7.0.22

Apache Software Foundation Tomcat 7.0.23

7.0.23

Apache Software Foundation Tomcat 7.0.24

7.0.24

Apache Software Foundation Tomcat 7.0.25

7.0.25

Apache Software Foundation Tomcat 7.0.26

7.0.26

Apache Software Foundation Tomcat 7.0.27

7.0.27

Apache Software Foundation Tomcat 7.0.28

7.0.28

Apache Software Foundation Tomcat 7.0.29

7.0.29

Apache Software Foundation Tomcat 7.0.30

7.0.30

Apache Software Foundation Tomcat 7.0.31

7.0.31

Apache Software Foundation Tomcat 7.0.32

7.0.32

Apache Software Foundation Tomcat 7.0.33

7.0.33

Apache Software Foundation Tomcat 7.0.34

7.0.34

Apache Software Foundation Tomcat 7.0.35

7.0.35

Apache Software Foundation Tomcat 7.0.36

7.0.36

Apache Software Foundation Tomcat 7.0.37

7.0.37

Apache Software Foundation Tomcat 7.0.38

7.0.38

Apache Software Foundation Tomcat 7.0.39

7.0.39

Apache Software Foundation Tomcat 7.0.40

7.0.40

Apache Software Foundation Tomcat 7.0.41

7.0.41

Apache Software Foundation Tomcat 7.0.42

7.0.42

Apache Software Foundation Tomcat 7.0.43

7.0.43

Apache Software Foundation Tomcat 7.0.44

7.0.44

Apache Software Foundation Tomcat 7.0.45

7.0.45

Apache Software Foundation Tomcat 7.0.46

7.0.46

Apache Software Foundation Tomcat 7.0.47

7.0.47

Apache Software Foundation Tomcat 7.0.48

7.0.48

Apache Software Foundation Tomcat 7.0.49

7.0.49

Apache Software Foundation Tomcat 7.0.50

7.0.50

Apache Software Foundation Tomcat 7.0.52

7.0.52

Apache Software Foundation Tomcat 7.0.53

7.0.53

Apache Software Foundation Tomcat 7.0.54

7.0.54

Apache Software Foundation Tomcat 8.0.0 Release Candidate 1

8.0.0

Apache Software Foundation Tomcat 8.0.0 release candidate 10

8.0.0

Apache Software Foundation Tomcat 8.0.0 Release Candidate 2

8.0.0

Apache Software Foundation Tomcat 8.0.0 release candidate 5

8.0.0

Apache Software Foundation Tomcat 8.0.1

8.0.1

Apache Software Foundation Tomcat 8.0.3

8.0.3

Apache Software Foundation Tomcat 8.0.5

8.0.5

Apache Software Foundation Tomcat 8.0.8

8.0.8

References

http://advisories.mageia.org/MGASA-2015-0081.html

20150209 [SECURITY] CVE-2014-0227 Apache Tomcat Request Smuggling

FEDORA-2015-2109

HPSBUX03341

SSRT102066

RHSA-2015:0675

RHSA-2015:0720

RHSA-2015:0765

RHSA-2015:0983

RHSA-2015:0991

http://svn.apache.org/viewvc?view=revision&revision=1600984

http://tomcat.apache.org/security-6.html

Vendor Advisory

http://tomcat.apache.org/security-7.html

Vendor Advisory

http://tomcat.apache.org/security-8.html

Vendor Advisory

DSA-3447

DSA-3530

MDVSA-2015:052

MDVSA-2015:053

MDVSA-2015:084

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

72717

1032791

USN-2654-1

USN-2655-1

https://bugzilla.redhat.com/show_bug.cgi?id=1109196

[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/

[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/

[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/

[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/

[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/

[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/

https://source.jboss.org/changelog/JBossWeb?cs=2455

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.