7.8

CVE-2014-0230

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version6.0.0
ApacheTomcat Version6.0.0 Updatealpha
ApacheTomcat Version6.0.1
ApacheTomcat Version6.0.1 Updatealpha
ApacheTomcat Version6.0.2
ApacheTomcat Version6.0.2 Updatealpha
ApacheTomcat Version6.0.2 Updatebeta
ApacheTomcat Version6.0.3
ApacheTomcat Version6.0.4
ApacheTomcat Version6.0.4 Updatealpha
ApacheTomcat Version6.0.5
ApacheTomcat Version6.0.6
ApacheTomcat Version6.0.6 Updatealpha
ApacheTomcat Version6.0.7
ApacheTomcat Version6.0.7 Updatealpha
ApacheTomcat Version6.0.7 Updatebeta
ApacheTomcat Version6.0.8
ApacheTomcat Version6.0.8 Updatealpha
ApacheTomcat Version6.0.9
ApacheTomcat Version6.0.9 Updatebeta
ApacheTomcat Version6.0.10
ApacheTomcat Version6.0.11
ApacheTomcat Version6.0.12
ApacheTomcat Version6.0.13
ApacheTomcat Version6.0.14
ApacheTomcat Version6.0.15
ApacheTomcat Version6.0.16
ApacheTomcat Version6.0.17
ApacheTomcat Version6.0.18
ApacheTomcat Version6.0.19
ApacheTomcat Version6.0.20
ApacheTomcat Version6.0.24
ApacheTomcat Version6.0.26
ApacheTomcat Version6.0.27
ApacheTomcat Version6.0.28
ApacheTomcat Version6.0.29
ApacheTomcat Version6.0.30
ApacheTomcat Version6.0.31
ApacheTomcat Version6.0.32
ApacheTomcat Version6.0.33
ApacheTomcat Version6.0.35
ApacheTomcat Version6.0.36
ApacheTomcat Version6.0.37
ApacheTomcat Version6.0.39
ApacheTomcat Version6.0.41
ApacheTomcat Version6.0.43
ApacheTomcat Version7.0.0
ApacheTomcat Version7.0.0 Updatebeta
ApacheTomcat Version7.0.1
ApacheTomcat Version7.0.2
ApacheTomcat Version7.0.2 Updatebeta
ApacheTomcat Version7.0.3
ApacheTomcat Version7.0.4
ApacheTomcat Version7.0.4 Updatebeta
ApacheTomcat Version7.0.5
ApacheTomcat Version7.0.6
ApacheTomcat Version7.0.7
ApacheTomcat Version7.0.8
ApacheTomcat Version7.0.9
ApacheTomcat Version7.0.10
ApacheTomcat Version7.0.11
ApacheTomcat Version7.0.12
ApacheTomcat Version7.0.13
ApacheTomcat Version7.0.14
ApacheTomcat Version7.0.15
ApacheTomcat Version7.0.16
ApacheTomcat Version7.0.17
ApacheTomcat Version7.0.18
ApacheTomcat Version7.0.19
ApacheTomcat Version7.0.20
ApacheTomcat Version7.0.21
ApacheTomcat Version7.0.22
ApacheTomcat Version7.0.23
ApacheTomcat Version7.0.24
ApacheTomcat Version7.0.25
ApacheTomcat Version7.0.26
ApacheTomcat Version7.0.27
ApacheTomcat Version7.0.28
ApacheTomcat Version7.0.29
ApacheTomcat Version7.0.30
ApacheTomcat Version7.0.31
ApacheTomcat Version7.0.32
ApacheTomcat Version7.0.33
ApacheTomcat Version7.0.34
ApacheTomcat Version7.0.35
ApacheTomcat Version7.0.36
ApacheTomcat Version7.0.37
ApacheTomcat Version7.0.38
ApacheTomcat Version7.0.39
ApacheTomcat Version7.0.40
ApacheTomcat Version7.0.41
ApacheTomcat Version7.0.42
ApacheTomcat Version7.0.43
ApacheTomcat Version7.0.44
ApacheTomcat Version7.0.45
ApacheTomcat Version7.0.46
ApacheTomcat Version7.0.47
ApacheTomcat Version7.0.48
ApacheTomcat Version7.0.49
ApacheTomcat Version7.0.50
ApacheTomcat Version7.0.52
ApacheTomcat Version7.0.53
ApacheTomcat Version7.0.54
ApacheTomcat Version8.0.0 Updaterc1
ApacheTomcat Version8.0.0 Updaterc10
ApacheTomcat Version8.0.0 Updaterc2
ApacheTomcat Version8.0.0 Updaterc5
ApacheTomcat Version8.0.1
ApacheTomcat Version8.0.3
ApacheTomcat Version8.0.5
ApacheTomcat Version8.0.8
OracleVirtualization Version4.63
OracleVirtualization Version4.71
OracleVirtualization Version5.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 20.32% 0.971
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 10 6.9
AV:N/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://tomcat.apache.org/security-6.html
Patch
Vendor Advisory
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
http://tomcat.apache.org/security-7.html
Patch
Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://marc.info/?l=bugtraq&m=144498216801440&w=2
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
http://tomcat.apache.org/security-8.html
Patch
Vendor Advisory
http://www.debian.org/security/2016/dsa-3530
http://rhn.redhat.com/errata/RHSA-2015-2661.html
https://access.redhat.com/errata/RHSA-2015:2659
https://access.redhat.com/errata/RHSA-2015:2660
http://www.debian.org/security/2016/dsa-3447
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
http://www.ubuntu.com/usn/USN-2654-1
http://www.ubuntu.com/usn/USN-2655-1
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E
Vendor Advisory
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://openwall.com/lists/oss-security/2015/04/10/1
http://rhn.redhat.com/errata/RHSA-2015-1621.html
http://rhn.redhat.com/errata/RHSA-2015-1622.html
http://rhn.redhat.com/errata/RHSA-2016-0595.html
http://rhn.redhat.com/errata/RHSA-2016-0596.html
http://rhn.redhat.com/errata/RHSA-2016-0597.html
http://rhn.redhat.com/errata/RHSA-2016-0598.html
http://rhn.redhat.com/errata/RHSA-2016-0599.html
http://svn.apache.org/viewvc?view=revision&revision=1603770
http://svn.apache.org/viewvc?view=revision&revision=1603775
http://svn.apache.org/viewvc?view=revision&revision=1603779
http://www.securityfocus.com/bid/74475
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://issues.jboss.org/browse/JWS-219
https://issues.jboss.org/browse/JWS-220