CVE-2014-0075

Apache Tomcat <6.0.40,7.x<7.0.53,8.x<8.0.4 - DoS

Title source: llm

Description

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Exploits (1)

nomisec WORKING POC

by LiviuPtr · poc

https://github.com/LiviuPtr/CVE-2014-0075_PoC

View Code ZIP pw:eip

References (48)

[Patch] http://svn.apache.org/viewvc?view=revision&revision=1578337

[Patch] http://svn.apache.org/viewvc?view=revision&revision=1578341

[Patch] http://svn.apache.org/viewvc?view=revision&revision=1579262

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2015-0675.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2015-0720.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2015-0765.html

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg21680603

[Various Sources] http://www-01.ibm.com/support/docview.wss?uid=swg21681528

[Third Party Advisory] http://advisories.mageia.org/MGASA-2014-0268.html

[Various Sources] http://linux.oracle.com/errata/ELSA-2014-0865.html

[Mailing List] http://marc.info/?l=bugtraq&m=141017844705317&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=141390017113542&w=2

[Mailing List] http://seclists.org/fulldisclosure/2014/Dec/23

[Third Party Advisory] http://secunia.com/advisories/59121

[Third Party Advisory] http://secunia.com/advisories/59616

[Third Party Advisory] http://secunia.com/advisories/59678

[Third Party Advisory] http://secunia.com/advisories/59732

[Third Party Advisory] http://secunia.com/advisories/59835

[Third Party Advisory] http://secunia.com/advisories/59849

[Vendor Advisory] http://tomcat.apache.org/security-6.html

... and 28 more

Scores

EPSS 0.4675

EPSS Percentile 97.7%

Details

CWE

CWE-189

Status published

Products (47)

apache/tomcat 7.0.0 (2 CPE variants)

apache/tomcat 7.0.1

apache/tomcat 7.0.2 (2 CPE variants)

apache/tomcat 7.0.3

apache/tomcat 7.0.4 (2 CPE variants)

apache/tomcat 7.0.5

apache/tomcat 7.0.6

apache/tomcat 7.0.7

apache/tomcat 7.0.8

apache/tomcat 7.0.9

... and 37 more

Published May 31, 2014

Tracked Since Feb 18, 2026