CVE-2014-0227
published 2015-02-16CVE-2014-0227: java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly…
PriorityP342medium6.4CVSS 2.0
AVNACLAuNCNIPAP
EPSS
21.04%
97.3th percentile
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
Affected
95 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect HTTP requests with malformed chunked transfer encoding targeting Apache Tomcat — the vulnerability lies in ChunkedInputFilter.java failing to abort after a chunked encoding error, allowing subsequent data to be interpreted as a new request (request smuggling). ↗
- →Monitor for HTTP request smuggling patterns where a crafted malformed chunk causes Tomcat to read part of the request body as a new request — particularly relevant when Tomcat sits behind a reverse proxy. ↗
- →Alert on abnormally large or continuous streaming HTTP chunked-encoding requests to Tomcat endpoints, which may indicate a DoS attempt exploiting the ChunkedInputFilter resource consumption flaw. ↗
- →In reverse-proxy-fronted Tomcat deployments, investigate requests that bypass proxy path restrictions — this attack may allow access to URLs not exposed by the proxy via HTTP request smuggling through malformed chunked encoding. ↗
- ·Affected versions are Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9. Verify the deployed Tomcat version to scope detection applicability. ↗
- ·JBossWeb (used in Red Hat JBoss products) is also affected by this vulnerability, not just standalone Apache Tomcat deployments. ↗
CVSS provenance
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
osv6.4MEDIUM
vendor_apache6.4LOW
vendor_redhat6.4MEDIUM
vendor_ubuntu6.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Improper Input Validation in Apache Tomcat
osv·2022-05-14
CVE-2014-0227 [MEDIUM] Improper Input Validation in Apache Tomcat
Improper Input Validation in Apache Tomcat
`java/org/apache/coyote/http11/filters/ChunkedInputFilter.java` in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
GHSA
Improper Input Validation in Apache Tomcat
ghsa·2022-05-14
CVE-2014-0227 [MEDIUM] CWE-20 Improper Input Validation in Apache Tomcat
Improper Input Validation in Apache Tomcat
`java/org/apache/coyote/http11/filters/ChunkedInputFilter.java` in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
OSV
tomcat7 vulnerabilities
osv·2015-06-25·CVSS 4.3
CVE-2014-0119 [MEDIUM] tomcat7 vulnerabilities
tomcat7 vulnerabilities
It was discovered that the Tomcat XML parser incorrectly handled XML
External Entities (XXE). A remote attacker could possibly use this issue to
read arbitrary files. This issue only affected Ubuntu 14.04 LTS.
(CVE-2014-0119)
It was discovered that Tomcat incorrectly handled data with malformed
chunked transfer coding. A remote attacker could possibly use this issue to
conduct HTTP request smuggling attacks, or cause Tomcat to consume
resources, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS. (CVE-2014-0227)
It was discovered that Tomcat incorrectly handled HTTP responses occurring
before the entire request body was finished being read. A remote attacker
could possibly use this issue to cause a limited denial of service. This
issue on
OSV
CVE-2014-0227: java/org/apache/coyote/http11/filters/ChunkedInputFilter
osv·2015-02-15·CVSS 6.4
CVE-2014-0227 [MEDIUM] CVE-2014-0227: java/org/apache/coyote/http11/filters/ChunkedInputFilter
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
Ubuntu
Tomcat vulnerabilities
vendor_ubuntu·2015-06-25·CVSS 6.4
CVE-2014-0227 [MEDIUM] Tomcat vulnerabilities
Title: Tomcat vulnerabilities
Summary: Several security issues were fixed in Tomcat.
It was discovered that Tomcat incorrectly handled data with malformed
chunked transfer coding. A remote attacker could possibly use this issue to
conduct HTTP request smuggling attacks, or cause Tomcat to consume
resources, resulting in a denial of service. (CVE-2014-0227)
It was discovered that Tomcat incorrectly handled HTTP responses occurring
before the entire request body was finished being read. A remote attacker
could possibly use this issue to cause a limited denial of service.
(CVE-2014-0230)
It was discovered that the Tomcat Expression Language (EL) implementation
incorrectly handled accessible interfaces implemented by inaccessible
classes. An attacker could possibly use this issue to bypass
Ubuntu
Tomcat vulnerabilities
vendor_ubuntu·2015-06-25·CVSS 4.3
CVE-2014-0119 [MEDIUM] Tomcat vulnerabilities
Title: Tomcat vulnerabilities
Summary: Several security issues were fixed in Tomcat.
It was discovered that the Tomcat XML parser incorrectly handled XML
External Entities (XXE). A remote attacker could possibly use this issue to
read arbitrary files. This issue only affected Ubuntu 14.04 LTS.
(CVE-2014-0119)
It was discovered that Tomcat incorrectly handled data with malformed
chunked transfer coding. A remote attacker could possibly use this issue to
conduct HTTP request smuggling attacks, or cause Tomcat to consume
resources, resulting in a denial of service. This issue only affected
Ubuntu 14.04 LTS. (CVE-2014-0227)
It was discovered that Tomcat incorrectly handled HTTP responses occurring
before the entire request body was finished being read. A remote attacker
could possibly use
Red Hat
Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter
vendor_redhat·2015-02-09·CVSS 6.4
CVE-2014-0227 [MEDIUM] CWE-400 Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter
Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service.
Package: jbossweb (Red Ha
Apache
Apache tomcat: CVE-2014-0227
vendor_apache·CVSS 6.4
CVE-2014-0227 [LOW] Apache tomcat: CVE-2014-0227
Apache tomcat: CVE-2014-0227
It was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request. This was fixed in revisions 1600984 , 1601329 , 1601330 and 1601332 . This issue was identified by the Tomcat security team on 30 May 2014 and made public on 9 February 2015. Affects: 8.0.0-RC1 to 8.0.8 Low: Denial of Service
Severity: low
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-0227 tomcat: Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter [fedora-all]
bugzilla·2015-02-09·CVSS 6.4
CVE-2014-0227 [MEDIUM] CVE-2014-0227 tomcat: Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter [fedora-all]
CVE-2014-0227 tomcat: Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects mul
Bugzilla
CVE-2014-0227 Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter
bugzilla·2014-06-13·CVSS 6.4
CVE-2014-0227 [MEDIUM] CVE-2014-0227 Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter
CVE-2014-0227 Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter
It was discovered that the ChunkedInputFilter implementation did not fail subsequent attempts to read input early enough. A remote attacker could use this flaw to perform a denial of service attack, by streaming an unlimited quantity of data, leading to consumption of server resources.
Discussion:
Upstream Fix:
Tomcat: http://svn.apache.org/viewvc?view=revision&revision=1600984
JBossWeb: https://source.jboss.org/changelog/JBossWeb?cs=2455
---
Upstream fix for Tomcat 6:
https://svn.apache.org/viewvc?view=revision&revision=1603628
Upstream fix for Tomcat 7:
https://svn.apache.org/viewvc?view=revision&revision=1601333
External References:
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_
http://advisories.mageia.org/MGASA-2015-0081.htmlhttp://archives.neohapsis.com/archives/bugtraq/2015-02/0067.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.htmlhttp://marc.info/?l=bugtraq&m=143393515412274&w=2http://marc.info/?l=bugtraq&m=143403519711434&w=2http://rhn.redhat.com/errata/RHSA-2015-0675.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0720.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0765.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0983.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0991.htmlhttp://svn.apache.org/viewvc?view=revision&revision=1600984http://tomcat.apache.org/security-6.htmlhttp://tomcat.apache.org/security-7.htmlhttp://tomcat.apache.org/security-8.htmlhttp://www.debian.org/security/2016/dsa-3447http://www.debian.org/security/2016/dsa-3530http://www.mandriva.com/security/advisories?name=MDVSA-2015:052http://www.mandriva.com/security/advisories?name=MDVSA-2015:053http://www.mandriva.com/security/advisories?name=MDVSA-2015:084http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.securityfocus.com/bid/72717http://www.securitytracker.com/id/1032791http://www.ubuntu.com/usn/USN-2654-1http://www.ubuntu.com/usn/USN-2655-1https://bugzilla.redhat.com/show_bug.cgi?id=1109196https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3Ehttps://source.jboss.org/changelog/JBossWeb?cs=2455http://advisories.mageia.org/MGASA-2015-0081.htmlhttp://archives.neohapsis.com/archives/bugtraq/2015-02/0067.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.htmlhttp://marc.info/?l=bugtraq&m=143393515412274&w=2http://marc.info/?l=bugtraq&m=143403519711434&w=2http://rhn.redhat.com/errata/RHSA-2015-0675.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0720.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0765.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0983.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0991.htmlhttp://svn.apache.org/viewvc?view=revision&revision=1600984http://tomcat.apache.org/security-6.htmlhttp://tomcat.apache.org/security-7.htmlhttp://tomcat.apache.org/security-8.htmlhttp://www.debian.org/security/2016/dsa-3447http://www.debian.org/security/2016/dsa-3530http://www.mandriva.com/security/advisories?name=MDVSA-2015:052http://www.mandriva.com/security/advisories?name=MDVSA-2015:053http://www.mandriva.com/security/advisories?name=MDVSA-2015:084http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.htmlhttp://www.securityfocus.com/bid/72717http://www.securitytracker.com/id/1032791http://www.ubuntu.com/usn/USN-2654-1http://www.ubuntu.com/usn/USN-2655-1https://bugzilla.redhat.com/show_bug.cgi?id=1109196https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3Ehttps://source.jboss.org/changelog/JBossWeb?cs=2455
2015-02-16
Published