CVE-2014-0227: Improper Input Validation in Apache Tomcat

Severity: 6.4 MEDIUM (NVD)
EPSS: 78.2% (top 0.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Feb 16
Latest update: May 14

Description

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

CVSS vector

AV:N/AC:L/C:N/I:P/A:P
Exploitability: 10.0 | Impact: 4.9

Affected Packages (1 package)

NVD: apache/tomcat, 94 versions

🔴 Vulnerability Details (5)

OSV: Improper Input Validation in Apache Tomcat (2022-05-14)
GHSA: Improper Input Validation in Apache Tomcat (2022-05-14)
OSV: tomcat7 vulnerabilities (2015-06-25)
CVEList: CVE-2014-0227: java/org/apache/coyote/http11/filters/ChunkedInputFilter (2015-02-16)
OSV: CVE-2014-0227: java/org/apache/coyote/http11/filters/ChunkedInputFilter (2015-02-15)

📋 Vendor Advisories (4)

Ubuntu: Tomcat vulnerabilities (2015-06-25)
Ubuntu: Tomcat vulnerabilities (2015-06-25)
Red Hat: Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter (2015-02-09)
Apache: Apache tomcat: CVE-2014-0227

💬 Community (2)

Bugzilla: CVE-2014-0227 tomcat: Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter [fedora-all] (2015-02-09)
Bugzilla: CVE-2014-0227 Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter (2014-06-13)