cbcvebase.
CVE-2014-0227
published 2015-02-16


Priority P3 · 42 · CVSS 2.0 base score 6.4 (medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
EPSS: 21.04% (97.3rd percentile)
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Affected

95 ranges · showing 25 (every displayed row lists vendor apache, product tomcat; the per-row version range and fixed-in values were not captured in this extraction, so the branch summary below is taken from the description)

Vendor   Product   Version range        Fixed in
apache   tomcat    6.x before 6.0.42    6.0.42
apache   tomcat    7.x before 7.0.55    7.0.55
apache   tomcat    8.x before 8.0.9     8.0.9

Detection & IOCs (extracted from sources)

  • Detect HTTP requests with malformed chunked transfer coding sent to Apache Tomcat. The flaw is that ChunkedInputFilter.java does not abort the connection after a chunked-encoding error, so the bytes that follow the bad chunk can be parsed as a new request (request smuggling).
  • Monitor for request-smuggling patterns in which a crafted malformed chunk causes Tomcat to read part of the request body as a separate request. This matters most when Tomcat sits behind a reverse proxy that applies its own access rules.
  • Alert on abnormally large or continuously streaming chunked requests to Tomcat endpoints; these may indicate a denial-of-service attempt against the ChunkedInputFilter resource-consumption flaw.
  • In reverse-proxy-fronted deployments, investigate requests that reach URLs the proxy does not expose: a smuggled request inside a malformed chunked body can bypass proxy path restrictions.
  • Affected versions are Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9. Verify the deployed Tomcat version to scope detection applicability.
  • JBossWeb (used in Red Hat JBoss products) is also affected, not only standalone Apache Tomcat deployments.
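The following is an added example and is not code from this page, from Apache Tomcat, or from any vendor listed here. It implements the checks the bullets above describe: a strict chunked-body decoder that stops at the first malformed chunk header, a heuristic that treats a request line found after the error position as a smuggling candidate (the vulnerable filter would have gone on to parse exactly those bytes), a body-size budget for the streaming DoS case, and a version-scoping helper built on the fixed versions given in the description. The sample requests, the helper names (`parse_chunked`, `inspect_request`, `tomcat_affected`) and the `MAX_STREAM_BYTES` threshold are assumptions made for the example.

```python
"""Strict chunked-transfer-coding check for raw HTTP requests.

Added example, not code from the page or from Apache Tomcat. It models the
failure mode the page describes for ChunkedInputFilter: a malformed chunk
header must end the request, and the bytes after it must never be read as a
new request. All sample requests below are constructed.
"""
import re

# Request line at the start of a line (re.M so it also matches after a CRLF).
REQUEST_LINE = re.compile(
    rb"^(?:GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n", re.M)
# chunk-size [; chunk-extension] CRLF, per RFC 7230 section 4.1 (match() anchors it).
CHUNK_SIZE_LINE = re.compile(rb"([0-9A-Fa-f]+)(?:;[^\r\n]*)?\r\n")
# Assumption: body budget for the streaming DoS heuristic; tune per deployment.
MAX_STREAM_BYTES = 1 << 20
# Fixed versions from the page's description (6.x, 7.x, 8.x branches).
FIXED_IN = {6: (6, 0, 42), 7: (7, 0, 55), 8: (8, 0, 9)}


def parse_chunked(body: bytes):
    """Decode a chunked body strictly.

    Returns (decoded, offset, error). On the first malformed chunk header the
    decoder stops; offset then marks where the undecoded remainder begins,
    which is exactly the data a non-aborting filter would go on to read.
    """
    pos, out = 0, bytearray()
    while True:
        m = CHUNK_SIZE_LINE.match(body, pos)
        if not m:
            return bytes(out), pos, "malformed chunk-size line"
        size = int(m.group(1), 16)
        pos = m.end()
        if size == 0:                      # last-chunk, then optional trailers
            if body[pos:pos + 2] == b"\r\n":
                return bytes(out), pos + 2, None
            end = body.find(b"\r\n\r\n", pos)
            if end < 0:
                return bytes(out), pos, "unterminated trailer section"
            return bytes(out), end + 4, None
        if len(body) < pos + size + 2 or body[pos + size:pos + size + 2] != b"\r\n":
            return bytes(out), pos, "chunk data shorter than declared size or missing CRLF"
        out += body[pos:pos + size]
        pos += size + 2


def inspect_request(raw: bytes) -> dict:
    """Split a raw request, decode its body if chunked, and report whether the
    bytes past a decoding error look like a second (smuggled) request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    result = {"chunked": bool(re.search(rb"transfer-encoding:\s*chunked", head, re.I)),
              "error": None, "smuggled_request_line": None, "dos_suspect": False}
    if not result["chunked"]:
        return result
    _, offset, err = parse_chunked(body)
    result["error"] = err
    result["dos_suspect"] = len(body) > MAX_STREAM_BYTES
    if err:
        # The vulnerable filter kept reading here, so a request line in the
        # remainder is what the next keep-alive request would have become.
        m = REQUEST_LINE.search(body, offset)
        if m:
            result["smuggled_request_line"] = m.group(0).rstrip(b"\r\n").decode("ascii")
    return result


def tomcat_affected(version: str):
    """True if a Tomcat version string ('7.0.54' or a Server header such as
    'Apache Tomcat/7.0.54') is in an affected range, False if at or past the
    fixed release, None if the major branch is outside the advisory."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"no x.y.z version in {version!r}")
    v = tuple(int(x) for x in m.groups())
    fixed = FIXED_IN.get(v[0])
    return None if fixed is None else v < fixed


# Constructed samples: a well-formed chunked upload, and one whose malformed
# chunk header ('zz') is followed by a second request aimed past the proxy.
BENIGN = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
          b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\n0\r\n\r\n")
SMUGGLED = (b"POST /upload HTTP/1.1\r\nHost: app.example\r\n"
            b"Transfer-Encoding: chunked\r\n\r\n5\r\nhello\r\nzz\r\n"
            b"GET /internal/status HTTP/1.1\r\nHost: app.example\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("smuggled", SMUGGLED)):
        print(name, inspect_request(req))
    print("Apache Tomcat/7.0.54 affected:", tomcat_affected("Apache Tomcat/7.0.54"))
```

Feed `inspect_request` the raw bytes of a captured request (from a proxy log that preserves bodies, or a pcap reassembly); on a normal request it returns no error and no smuggled line, while the constructed `SMUGGLED` sample yields the `GET /internal/status` line that a non-aborting filter would have executed. For scoping, the string printed by `bin/version.sh` in a Tomcat installation (or the `Server` header, where it is still exposed) can be passed straight to `tomcat_affected`; JBossWeb carries its own version numbering, so the helper returns None for it and the bullet above has to be applied by hand.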

CVSS provenance

Source          CVSS version   Score   Severity   Vector
nvd             2.0            6.4     MEDIUM     AV:N/AC:L/Au:N/C:N/I:P/A:P
osv                            6.4     MEDIUM
vendor_apache                  6.4     LOW
vendor_redhat                  6.4     MEDIUM
vendor_ubuntu                  6.4     MEDIUM