CVE-2014-0099
7.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.1%
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
References
advisories.mageia.org/MGASA-2014-0268.html
linux.oracle.com/errata/ELSA-2014-0865.html
lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
marc.info/?l=bugtraq&m=141017844705317&w=2
marc.info/?l=bugtraq&m=141390017113542&w=2
marc.info/?l=bugtraq&m=144498216801440&w=2
rhn.redhat.com/errata/RHSA-2015-0675.html
rhn.redhat.com/errata/RHSA-2015-0720.html
rhn.redhat.com/errata/RHSA-2015-0765.html
seclists.org/fulldisclosure/2014/Dec/23
seclists.org/fulldisclosure/2014/May/138
seclists.org/fulldisclosure/2014/May/140
secunia.com/advisories/59121
secunia.com/advisories/59678
secunia.com/advisories/59732
secunia.com/advisories/59835
secunia.com/advisories/59849
secunia.com/advisories/59873
secunia.com/advisories/60729
secunia.com/advisories/60793
svn.apache.org/viewvc?view=revision&revision=1578812
svn.apache.org/viewvc?view=revision&revision=1578814
svn.apache.org/viewvc?view=revision&revision=1580473
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
tomcat.apache.org/security-8.html
www-01.ibm.com/support/docview.wss?uid=swg21678231
www-01.ibm.com/support/docview.wss?uid=swg21680603
www-01.ibm.com/support/docview.wss?uid=swg21681528
www.debian.org/security/2016/dsa-3447
www.debian.org/security/2016/dsa-3530
www.mandriva.com/security/advisories?name=MDVSA-2015:052
www.mandriva.com/security/advisories?name=MDVSA-2015:053
www.mandriva.com/security/advisories?name=MDVSA-2015:084
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
www.securityfocus.com/archive/1/532218/100/0/threaded
www.securityfocus.com/archive/1/532221/100/0/threaded
www.securityfocus.com/archive/1/534161/100/0/threaded
www.securityfocus.com/bid/67668
www.securitytracker.com/id/1030302
www.vmware.com/security/advisories/VMSA-2014-0012.html
h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
Social References
More
Related
7.8 High
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.1%