CVE-2014-0075Integer Overflow or Wraparound in Apache Tomcat

CWE-189CWE-190Integer Overflow or WraparoundCWE-400Uncontrolled Resource ConsumptionCWE-20Improper Input Validation11 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
46.7%
top 2.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedMay 31
Latest updateMay 14

Description

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat6.0.39+90

🔴Vulnerability Details

5
GHSA
Integer Overflow or Wraparound in Apache Tomcat2022-05-14
OSV
Integer Overflow or Wraparound in Apache Tomcat2022-05-14
OSV
tomcat6, tomcat7 vulnerabilities2014-07-30
CVEList
CVE-2014-0075: Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter2014-05-31
OSV
CVE-2014-0075: Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter2014-05-31

📋Vendor Advisories

3
Ubuntu
Tomcat vulnerabilities2014-07-30
Red Hat
Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter2014-05-27
Apache
Apache tomcat: CVE-2014-0075

💬Community

2
Bugzilla
CVE-2014-0075 tomcat: Limited DoS in chunked transfer encoding input filter [fedora-all]2014-05-29
Bugzilla
CVE-2014-0075 Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter2014-03-05
CVE-2014-0075 — Integer Overflow or Wraparound | cvebase