CVE-2014-0095

EPSS 13.06%
Published 31.05.2014 11:17:13
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Tomcat Version8.0.0 Updaterc1

Apache ≫ Tomcat Version8.0.0 Updaterc10

Apache ≫ Tomcat Version8.0.0 Updaterc2

Apache ≫ Tomcat Version8.0.0 Updaterc5

Apache ≫ Tomcat Version8.0.1

Apache ≫ Tomcat Version8.0.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	13.06%	0.934

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://secunia.com/advisories/59873

http://tomcat.apache.org/security-8.html

Vendor Advisory

http://www-01.ibm.com/support/docview.wss?uid=swg21678231

http://secunia.com/advisories/60729

http://www-01.ibm.com/support/docview.wss?uid=swg21681528

http://seclists.org/fulldisclosure/2014/May/134

http://svn.apache.org/viewvc?view=revision&revision=1578392

Patch

http://www.securityfocus.com/bid/67673

http://www.securitytracker.com/id/1030300

https://nvd.nist.gov/vuln/detail/CVE-2014-0095

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-0095

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-0095

EUVD