5
CVE-2014-0095
- EPSS 8.49%
- Veröffentlicht 31.05.2014 11:17:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.49% | 0.943 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://secunia.com/advisories/59873
http://tomcat.apache.org/security-8.html
http://www-01.ibm.com/support/docview.wss?uid=swg21678231
http://secunia.com/advisories/60729
http://www-01.ibm.com/support/docview.wss?uid=swg21681528
http://seclists.org/fulldisclosure/2014/May/134
http://svn.apache.org/viewvc?view=revision&revision=1578392
http://www.securityfocus.com/bid/67673
http://www.securitytracker.com/id/1030300