CVE-2014-0095

EPSS 13.06%
Veröffentlicht 31.05.2014 11:17:13
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version8.0.0 Updaterc1

Apache ≫ Tomcat Version8.0.0 Updaterc10

Apache ≫ Tomcat Version8.0.0 Updaterc2

Apache ≫ Tomcat Version8.0.0 Updaterc5

Apache ≫ Tomcat Version8.0.1

Apache ≫ Tomcat Version8.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	13.06%	0.934

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://secunia.com/advisories/59873

http://tomcat.apache.org/security-8.html

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21678231

http://secunia.com/advisories/60729

http://www-01.ibm.com/support/docview.wss?uid=swg21681528

http://seclists.org/fulldisclosure/2014/May/134

http://svn.apache.org/viewvc?view=revision&revision=1578392

Patch

http://www.securityfocus.com/bid/67673

http://www.securitytracker.com/id/1030300

https://nvd.nist.gov/vuln/detail/CVE-2014-0095

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0095

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0095

EUVD