CVE-2014-0099Integer Overflow or Wraparound in Apache Tomcat

CWE-189CWE-190Integer Overflow or WraparoundCWE-444HTTP Request SmugglingCWE-113HTTP Request/Response Splitting11 documents8 sources
Severity
4.3MEDIUMNVD
EPSS
37.9%
top 2.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedMay 31
Latest updateMay 14

Description

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDapache/tomcat6.0.39+90

🔴Vulnerability Details

5
OSV
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat2022-05-14
GHSA
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat2022-05-14
OSV
tomcat6, tomcat7 vulnerabilities2014-07-30
OSV
CVE-2014-0099: Integer overflow in java/org/apache/tomcat/util/buf/Ascii2014-05-31
CVEList
CVE-2014-0099: Integer overflow in java/org/apache/tomcat/util/buf/Ascii2014-05-31

📋Vendor Advisories

3
Ubuntu
Tomcat vulnerabilities2014-07-30
Red Hat
Tomcat/JBossWeb: Request smuggling via malicious content length header2014-05-27
Apache
Apache tomcat: CVE-2014-0099

💬Community

2
Bugzilla
CVE-2014-0099 Apache Tomcat: Request smuggling via malicious content length header [fedora-all]2014-05-28
Bugzilla
CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header2014-05-28
CVE-2014-0099 — Integer Overflow or Wraparound | cvebase