Detections
Analytics
CVE-2014-0227
medium
Description
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
References
https://source.jboss.org/changelog/JBossWeb?cs=2455
https://bugzilla.redhat.com/show_bug.cgi?id=1109196
http://www.ubuntu.com/usn/USN-2655-1
http://www.ubuntu.com/usn/USN-2654-1
http://www.securitytracker.com/id/1032791
http://www.securityfocus.com/bid/72717
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
http://www.debian.org/security/2016/dsa-3530
http://www.debian.org/security/2016/dsa-3447
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
http://svn.apache.org/viewvc?view=revision&revision=1600984
http://rhn.redhat.com/errata/RHSA-2015-0991.html
http://rhn.redhat.com/errata/RHSA-2015-0983.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143393515412274&w=2
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html