Lucene search

[email protected]CVE-2014-0095

HistoryMay 31, 2014 - 11:17 a.m.

CVE-2014-0095

2014-05-3111:17:00

CWE-20

[email protected]

web.nvd.nist.gov

cve

denial of service

apache tomcat

nvd

security vulnerability

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a “Content-Length: 0” AJP request to trigger a hang in request processing.

CPENameOperatorVersion
apache:tomcatapache tomcateq8.0.1
apache:tomcatapache tomcateq8.0.0
apache:tomcatapache tomcateq8.0.3

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	8.0.1
apache:tomcat	apache tomcat	eq	8.0.0
apache:tomcat	apache tomcat	eq	8.0.3

References

seclists.org/fulldisclosure/2014/May/134

secunia.com/advisories/59873

secunia.com/advisories/60729

svn.apache.org/viewvc?view=revision&revision=1578392

tomcat.apache.org/security-8.html

www-01.ibm.com/support/docview.wss?uid=swg21678231

www-01.ibm.com/support/docview.wss?uid=swg21681528

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.securityfocus.com/bid/67673

www.securitytracker.com/id/1030300

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON

Related for CVE-2014-0095

ibm11 github1 ubuntucve1 securityvulns2 openvas1 prion1 debiancve1 osv1 tomcat1 nessus2 symantec1 oracle1