5

CVE-2014-0095

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version8.0.0 Updaterc1
ApacheTomcat Version8.0.0 Updaterc10
ApacheTomcat Version8.0.0 Updaterc2
ApacheTomcat Version8.0.0 Updaterc5
ApacheTomcat Version8.0.1
ApacheTomcat Version8.0.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 8.49% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://secunia.com/advisories/59873
http://tomcat.apache.org/security-8.html
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21678231
http://secunia.com/advisories/60729
http://www-01.ibm.com/support/docview.wss?uid=swg21681528
http://seclists.org/fulldisclosure/2014/May/134
http://svn.apache.org/viewvc?view=revision&revision=1578392
Patch
http://www.securityfocus.com/bid/67673
http://www.securitytracker.com/id/1030300