Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before the entire request body has been read, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
https://issues.jboss.org/browse/JWS-220
https://issues.jboss.org/browse/JWS-219
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
https://access.redhat.com/errata/RHSA-2015:2660
https://access.redhat.com/errata/RHSA-2015:2659
http://www.ubuntu.com/usn/USN-2655-1
http://www.ubuntu.com/usn/USN-2654-1
http://www.securityfocus.com/bid/74475
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.debian.org/security/2016/dsa-3530
http://www.debian.org/security/2016/dsa-3447
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://svn.apache.org/viewvc?view=revision&revision=1603779
http://svn.apache.org/viewvc?view=revision&revision=1603775
http://svn.apache.org/viewvc?view=revision&revision=1603770
http://rhn.redhat.com/errata/RHSA-2016-0599.html
http://rhn.redhat.com/errata/RHSA-2016-0598.html
http://rhn.redhat.com/errata/RHSA-2016-0597.html
http://rhn.redhat.com/errata/RHSA-2016-0596.html
http://rhn.redhat.com/errata/RHSA-2016-0595.html
http://rhn.redhat.com/errata/RHSA-2015-2661.html
http://rhn.redhat.com/errata/RHSA-2015-1622.html
http://rhn.redhat.com/errata/RHSA-2015-1621.html
http://openwall.com/lists/oss-security/2015/04/10/1
http://marc.info/?l=bugtraq&m=145974991225029&w=2