Vulnerability Description
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 6.0.0 |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2015-0081.html
- http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.h
- http://marc.info/?l=bugtraq&m=143393515412274&w=2
- http://marc.info/?l=bugtraq&m=143403519711434&w=2
- http://rhn.redhat.com/errata/RHSA-2015-0675.html
- http://rhn.redhat.com/errata/RHSA-2015-0720.html
- http://rhn.redhat.com/errata/RHSA-2015-0765.html
- http://rhn.redhat.com/errata/RHSA-2015-0983.html
- http://rhn.redhat.com/errata/RHSA-2015-0991.html
- http://svn.apache.org/viewvc?view=revision&revision=1600984
- http://tomcat.apache.org/security-6.htmlVendor Advisory
- http://tomcat.apache.org/security-7.htmlVendor Advisory
- http://tomcat.apache.org/security-8.htmlVendor Advisory
- http://www.debian.org/security/2016/dsa-3447
FAQ
What is CVE-2014-0227?
CVE-2014-0227 is a vulnerability with a CVSS score of 6.4 (MEDIUM). java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data aft...
How severe is CVE-2014-0227?
CVE-2014-0227 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0227?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.