CVE-2014-0095
Apache Tomcat 8.x < 8.0.4 - Denial of Service via AJP Content-Length Header
java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.
References (10)
Core References
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21681528
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/May/134
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-8.html
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21678231
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59873
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67673
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Patch x_refsource_confirm
http://svn.apache.org/viewvc?view=revision&revision=1578392
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030300
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60729
Scores
EPSS
0.0966
EPSS Percentile
93.0%
Details
CWE
CWE-20
Status
published
Products (5)
apache/tomcat
8.0.0 rc1 (4 CPE variants)
apache/tomcat
8.0.1
apache/tomcat
8.0.3
org.apache.tomcat/tomcat-coyote
8.0.0-RC1 - 8.0.4 (Maven)
org.apache.tomcat.embed/tomcat-embed-core
8.0.0-RC1 - 8.0.4 (Maven)
Published
May 31, 2014
Tracked Since
Feb 18, 2026