LiviuPtr

2 exploits Active since Feb 2014

CVE-2013-4322 NOMISEC WORKING POC

Apache Tomcat < 6.0.37 - Improper Input Validation

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

View Code

CVE-2014-0075 NOMISEC WORKING POC

Apache Tomcat <6.0.40,7.x<7.0.53,8.x<8.0.4 - DoS

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

View Code