Severity: 7.8 HIGH
EPSS: 5.7% (top 9.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 7; Latest update May 14

Description

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C | Exploitability: 10.0 | Impact: 6.9

Affected Packages (5 packages)

Source | Package | Affected versions
Maven | org.apache.tomcat:tomcat | 6.0.0 to 6.0.44 (+2 more ranges)
NVD | apache/tomcat | 95 versions (+94 more)
Ubuntu | tomcat6 | < 6.0.39-1ubuntu0.1 (+1 more)
Ubuntu | tomcat7 | < 7.0.52-1ubuntu0.3
NVD | oracle/virtualization | 4.63, 4.71, 5.1 (+2 more)

Patches

Vulnerability Details (4)

GHSA: Uncontrolled Resource Consumption in Apache Tomcat (2022-05-14)
OSV: Uncontrolled Resource Consumption in Apache Tomcat (2022-05-14)
OSV: CVE-2014-0230: Apache Tomcat 6 (2015-06-07)
CVEList: CVE-2014-0230: Apache Tomcat 6 (2015-06-07)

Vendor Advisories (4)

Ubuntu: Tomcat vulnerabilities (2015-06-25)
Ubuntu: Tomcat vulnerabilities (2015-06-25)
Red Hat: tomcat: non-persistent DoS attack by feeding data by aborting an upload (2014-07-19)
Apache: Apache tomcat: CVE-2014-0230

Community (2)

Bugzilla: CVE-2014-0230 tomcat: non-persistent DoS attack by feeding data by aborting an upload [epel-6] (2015-06-30)
Bugzilla: CVE-2014-0230 tomcat: non-persistent DoS attack by feeding data by aborting an upload (2015-02-10)
CVE-2014-0230 (HIGH CVSS 7.8) | Apache Tomcat 6.x before 6.0.44 | cvebase.io