CVE-2014-0230
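Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle the case where an HTTP response is sent before the entire request body has been read, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts. In the affected versions Tomcat kept reading ("swallowing") the unread remainder of the request body with no size limit, so the connection stayed open and its processing thread stayed allocated; the fixed releases cap this with the connector's maxSwallowSize attribute.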
Published at
2015-06-07T23:59Z
3107 days ago
Modified
2019-04-15T16:30Z
1699 days ago
CWE-399
Problem type
References
GET https://vulnerabilitydata.com/api/details/CVE-2014-0230
{ "id": "CVE-2014-0230", "published_date": "2015-06-07T23:59Z", "last_modified_date": "2019-04-15T16:30Z", "assigner": "secalert@redhat.com", "description": "Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.", "references": [ { "url": "http://openwall.com/lists/oss-security/2015/04/10/1", "name": "[oss-security] 20150409 Apache Tomcat partial file upload DoS CVE-2014-0230", "refsource": "MLIST", "tags": [] }, { "url": "http://svn.apache.org/viewvc?view=revision&revision=1603770", "name": "http://svn.apache.org/viewvc?view=revision&revision=1603770", "refsource": "CONFIRM", "tags": [] }, { "url": "http://svn.apache.org/viewvc?view=revision&revision=1603779", "name": "http://svn.apache.org/viewvc?view=revision&revision=1603779", "refsource": "CONFIRM", "tags": [] }, { "url": "http://tomcat.apache.org/security-6.html", "name": "http://tomcat.apache.org/security-6.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://svn.apache.org/viewvc?view=revision&revision=1603775", "name": "http://svn.apache.org/viewvc?view=revision&revision=1603775", "refsource": "CONFIRM", "tags": [] }, { "url": "http://tomcat.apache.org/security-8.html", "name": "http://tomcat.apache.org/security-8.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://tomcat.apache.org/security-7.html", "name": "http://tomcat.apache.org/security-7.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ] }, { "url": "http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E", "name": "[tomcat-announce] 20150505 [SECURITY] CVE-2014-0230: Apache Tomcat DoS", "refsource": "MLIST", "tags": [ "Vendor Advisory" ] }, { "url": 
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", "refsource": "CONFIRM", "tags": [] }, { "url": "http://www.debian.org/security/2016/dsa-3530", "name": "DSA-3530", "refsource": "DEBIAN", "tags": [] }, { "url": "http://rhn.redhat.com/errata/RHSA-2016-0599.html", "name": "RHSA-2016:0599", "refsource": "REDHAT", "tags": [] }, { "url": "http://rhn.redhat.com/errata/RHSA-2016-0597.html", "name": "RHSA-2016:0597", "refsource": "REDHAT", "tags": [] }, { "url": "http://rhn.redhat.com/errata/RHSA-2016-0598.html", "name": "RHSA-2016:0598", "refsource": "REDHAT", "tags": [] }, { "url": "http://rhn.redhat.com/errata/RHSA-2016-0595.html", "name": "RHSA-2016:0595", "refsource": "REDHAT", "tags": [] }, { "url": "http://rhn.redhat.com/errata/RHSA-2016-0596.html", "name": "RHSA-2016:0596", "refsource": "REDHAT", "tags": [] }, { "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964", "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964", "refsource": "CONFIRM", "tags": [] }, { "url": "http://marc.info/?l=bugtraq&m=145974991225029&w=2", "name": "HPSBUX03561", "refsource": "HP", "tags": [] }, { "url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2", "name": "HPSBOV03503", "refsource": "HP", "tags": [] }, { "url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html", "refsource": "CONFIRM", "tags": [] }, { "url": "http://rhn.redhat.com/errata/RHSA-2015-2661.html", "name": "RHSA-2015:2661", "refsource": "REDHAT", "tags": [] }, { "url": "https://access.redhat.com/errata/RHSA-2015:2659", "name": "RHSA-2015:2659", "refsource": "REDHAT", "tags": [] }, { "url": "https://access.redhat.com/errata/RHSA-2015:2660", "name": "RHSA-2015:2660", "refsource": "REDHAT", "tags": [] }, { 
"url": "https://issues.jboss.org/browse/JWS-220", "name": "https://issues.jboss.org/browse/JWS-220", "refsource": "CONFIRM", "tags": [] }, { "url": "https://issues.jboss.org/browse/JWS-219", "name": "https://issues.jboss.org/browse/JWS-219", "refsource": "CONFIRM", "tags": [] }, { "url": "http://www.debian.org/security/2016/dsa-3447", "name": "DSA-3447", "refsource": "DEBIAN", "tags": [] }, { "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013", "refsource": "CONFIRM", "tags": [] }, { "url": "http://rhn.redhat.com/errata/RHSA-2015-1622.html", "name": "RHSA-2015:1622", "refsource": "REDHAT", "tags": [] }, { "url": "http://rhn.redhat.com/errata/RHSA-2015-1621.html", "name": "RHSA-2015:1621", "refsource": "REDHAT", "tags": [] }, { "url": "http://www.ubuntu.com/usn/USN-2655-1", "name": "USN-2655-1", "refsource": "UBUNTU", "tags": [] }, { "url": "http://www.securityfocus.com/bid/74475", "name": "74475", "refsource": "BID", "tags": [] }, { "url": "http://www.ubuntu.com/usn/USN-2654-1", "name": "USN-2654-1", "refsource": "UBUNTU", "tags": [] }, { "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "refsource": "CONFIRM", "tags": [] }, { "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "tags": [] }, { "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/", "refsource": "MLIST", "tags": [] }, { "url": 
"https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/", "refsource": "MLIST", "tags": [] }, { "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/", "refsource": "MLIST", "tags": [] }, { "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "tags": [] }, { "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "tags": [] }, { "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E", "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/", "refsource": "MLIST", "tags": [] } ], "impact": { "baseMetricV2": { "cvssV2": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8 }, "severity": "HIGH", "exploitabilityScore": 10, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } }, "problem_type": "CWE-399" }