CVE-2014-0227
Description
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
EPSS Score
Exploitation Probability
79.834
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Tomcat to 9.5.14 | Windows |
| Update Tomcat to 9.5.5 | Windows |
| Update Tomcat to 9.5.7 | Windows |
| Update Tomcat to 9.5.8 | Windows |
| Update Tomcat to 9.6.10 | Windows |
| Update Tomcat to 9.6.3 | Windows |
| Update Tomcat to 9.6.4 | Windows |
| Update Tomcat to 9.6.7 | Windows |
| Update Tomcat to 9.6.8 | Windows |
| Update Tomcat to 2.4.5 | Windows |
| Update Tomcat to 3.0.14 | Windows |
| Multiple Vulnerabilities are affected in IBM UrbanCode Deploy 6.0 | Windows |
| Vulnerabilities CVE-2014-0227 are fixed in Apache - tomcat 6.0.42 | Windows |
| Vulnerabilities CVE-2014-0227,CVE-2014-0230 are fixed in Apache - tomcat 7.0.55 | Windows |
| Vulnerabilities CVE-2014-0227,CVE-2014-0230 are fixed in Apache - tomcat 8.0.9 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| Servlet and JSP engine (USN-2654-1) libtomcat7-java_7.0.56-2ubuntu0.1_all.deb | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-admin-webapps-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-docs-webapp-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-javadoc-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-jsp-2_1-api-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-lib-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-servlet-2_5-api-6.0.41-0.45.1.noarch.rpm | Linux |
| SUSE-SU-2015:1337-1(SUSE Linux Enterprise Server 11 SP3 ) tomcat6-webapps-6.0.41-0.45.1.noarch.rpm | Linux |
| Update Tomcat to 9.5.14 (For Linux) | Linux |
| Update Tomcat to 9.5.5 (For Linux) | Linux |
| Update Tomcat to 9.5.7 (For Linux) | Linux |
| Update Tomcat to 9.5.8 (For Linux) | Linux |
| Update Tomcat to 9.6.10 (For Linux) | Linux |
| Update Tomcat to 9.6.3 (For Linux) | Linux |
| Update Tomcat to 9.6.4 (For Linux) | Linux |
| Update Tomcat to 9.6.7 (For Linux) | Linux |
| Update Tomcat to 9.6.8 (For Linux) | Linux |
| Update Tomcat to 2.4.5 (For Linux) | Linux |
| Update Tomcat to 3.0.14 (For Linux) | Linux |
| Vulnerabilities CVE-2014-0227 are fixed in Apache - tomcat for Linux 6.0.42 | Linux |
| Vulnerabilities CVE-2014-0227,CVE-2014-0230 are fixed in Apache - tomcat for Linux 7.0.55 | Linux |
| Vulnerabilities CVE-2014-0227,CVE-2014-0230 are fixed in Apache - tomcat for Linux 8.0.9 | Linux |
| CVE-2014-0227 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234