CVE-2014-0230

Apache Tomcat <6.0.44, 7.x <7.0.55, 8.x <8.0.9 - DoS

Title source: llm

Description

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

References (39)

Core 39

Core References

Patch x_refsource_confirm

http://svn.apache.org/viewvc?view=revision&revision=1603779

Patch x_refsource_confirm

http://svn.apache.org/viewvc?view=revision&revision=1603775

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2015-1622.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-0599.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2015-2661.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-0596.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-0595.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-0598.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2015-1621.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2016-0597.html

Vendor Advisory x_refsource_confirm

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2654-1

Various Sources x_refsource_confirm

https://issues.jboss.org/browse/JWS-220

Patch, Vendor Advisory x_refsource_confirm

http://tomcat.apache.org/security-7.html

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=145974991225029&w=2

Patch, Vendor Advisory x_refsource_confirm

http://tomcat.apache.org/security-8.html

Patch, Vendor Advisory x_refsource_confirm

http://tomcat.apache.org/security-6.html

Various Sources x_refsource_confirm

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2015:2659

Vendor Advisory mailing-list x_refsource_mlist

http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E

Mailing List vendor-advisory x_refsource_hp

http://marc.info/?l=bugtraq&m=144498216801440&w=2

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2015:2660

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-2655-1

Various Sources x_refsource_confirm

https://issues.jboss.org/browse/JWS-219

Patch x_refsource_confirm

http://svn.apache.org/viewvc?view=revision&revision=1603770

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Vendor Advisory x_refsource_confirm

http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2016/dsa-3530

Mailing List mailing-list x_refsource_mlist

http://openwall.com/lists/oss-security/2015/04/10/1

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/74475

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2016/dsa-3447

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Mailing List mailing-list x_refsource_mlist

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

Scores

EPSS 0.0310

EPSS Percentile 87.0%

Details

CWE

CWE-399

Status published

Products (39)

apache/tomcat 6.0.0 (2 CPE variants)

apache/tomcat 6.0.1 (2 CPE variants)

apache/tomcat 6.0.2 (3 CPE variants)

apache/tomcat 6.0.3

apache/tomcat 6.0.4 (2 CPE variants)

apache/tomcat 6.0.5

apache/tomcat 6.0.6 (2 CPE variants)

apache/tomcat 6.0.7 (3 CPE variants)

apache/tomcat 6.0.8 (2 CPE variants)

apache/tomcat 6.0.9 (2 CPE variants)

... and 29 more

Published Jun 07, 2015

Tracked Since Feb 18, 2026