Lucene search

[email protected]NVD:CVE-2014-0099

HistoryMay 31, 2014 - 11:17 a.m.

CVE-2014-0099

2014-05-3111:17:13

CWE-189

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

8.1

Confidence

High

EPSS

0.005

Percentile

75.5%

JSON

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Affected configurations

Nvd

Node

apachetomcatRange≤6.0.39

apachetomcatMatch6

apachetomcatMatch6.0

apachetomcatMatch6.0.0

apachetomcatMatch6.0.0alpha

apachetomcatMatch6.0.1

apachetomcatMatch6.0.1alpha

apachetomcatMatch6.0.2

apachetomcatMatch6.0.2alpha

apachetomcatMatch6.0.2beta

apachetomcatMatch6.0.3

apachetomcatMatch6.0.4

apachetomcatMatch6.0.4alpha

apachetomcatMatch6.0.5

apachetomcatMatch6.0.6

apachetomcatMatch6.0.6alpha

apachetomcatMatch6.0.7

apachetomcatMatch6.0.7alpha

apachetomcatMatch6.0.7beta

apachetomcatMatch6.0.8

apachetomcatMatch6.0.8alpha

apachetomcatMatch6.0.9

apachetomcatMatch6.0.9beta

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

apachetomcatMatch6.0.14

apachetomcatMatch6.0.15

apachetomcatMatch6.0.16

apachetomcatMatch6.0.17

apachetomcatMatch6.0.18

apachetomcatMatch6.0.19

apachetomcatMatch6.0.20

apachetomcatMatch6.0.24

apachetomcatMatch6.0.26

apachetomcatMatch6.0.27

apachetomcatMatch6.0.28

apachetomcatMatch6.0.29

apachetomcatMatch6.0.30

apachetomcatMatch6.0.31

apachetomcatMatch6.0.32

apachetomcatMatch6.0.33

apachetomcatMatch6.0.35

apachetomcatMatch6.0.36

apachetomcatMatch6.0.37

Node

apachetomcatMatch8.0.0rc1

apachetomcatMatch8.0.0rc10

apachetomcatMatch8.0.0rc2

apachetomcatMatch8.0.0rc5

apachetomcatMatch8.0.1

apachetomcatMatch8.0.3

Node

apachetomcatMatch7.0.0

apachetomcatMatch7.0.0beta

apachetomcatMatch7.0.1

apachetomcatMatch7.0.2

apachetomcatMatch7.0.2beta

apachetomcatMatch7.0.3

apachetomcatMatch7.0.4

apachetomcatMatch7.0.4beta

apachetomcatMatch7.0.5

apachetomcatMatch7.0.6

apachetomcatMatch7.0.7

apachetomcatMatch7.0.8

apachetomcatMatch7.0.9

apachetomcatMatch7.0.10

apachetomcatMatch7.0.11

apachetomcatMatch7.0.12

apachetomcatMatch7.0.13

apachetomcatMatch7.0.14

apachetomcatMatch7.0.15

apachetomcatMatch7.0.16

apachetomcatMatch7.0.17

apachetomcatMatch7.0.18

apachetomcatMatch7.0.19

apachetomcatMatch7.0.20

apachetomcatMatch7.0.21

apachetomcatMatch7.0.22

apachetomcatMatch7.0.23

apachetomcatMatch7.0.24

apachetomcatMatch7.0.25

apachetomcatMatch7.0.26

apachetomcatMatch7.0.27

apachetomcatMatch7.0.28

apachetomcatMatch7.0.29

apachetomcatMatch7.0.30

apachetomcatMatch7.0.31

apachetomcatMatch7.0.32

apachetomcatMatch7.0.33

apachetomcatMatch7.0.34

apachetomcatMatch7.0.35

apachetomcatMatch7.0.36

apachetomcatMatch7.0.37

apachetomcatMatch7.0.38

apachetomcatMatch7.0.39

apachetomcatMatch7.0.40

apachetomcatMatch7.0.41

apachetomcatMatch7.0.42

apachetomcatMatch7.0.43

apachetomcatMatch7.0.44

apachetomcatMatch7.0.45

apachetomcatMatch7.0.46

apachetomcatMatch7.0.47

apachetomcatMatch7.0.48

apachetomcatMatch7.0.49

apachetomcatMatch7.0.50

apachetomcatMatch7.0.52

VendorProductVersionCPE
apachetomcat*cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
apachetomcat6cpe:2.3:a:apache:tomcat:6:*:*:*:*:*:*:*
apachetomcat6.0cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
apachetomcat6.0.0cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
apachetomcat6.0.0cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
apachetomcat6.0.1cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
apachetomcat6.0.1cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
apachetomcat6.0.2cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
apachetomcat6.0.2cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
apachetomcat6.0.2cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	tomcat	*	cpe:2.3:a:apache:tomcat::::::::
apache	tomcat	6	cpe:2.3:a:apache:tomcat:6:::::::*
apache	tomcat	6.0	cpe:2.3:a:apache:tomcat:6.0:::::::*
apache	tomcat	6.0.0	cpe:2.3:a:apache:tomcat:6.0.0:::::::*
apache	tomcat	6.0.0	cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
apache	tomcat	6.0.1	cpe:2.3:a:apache:tomcat:6.0.1:::::::*
apache	tomcat	6.0.1	cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
apache	tomcat	6.0.2	cpe:2.3:a:apache:tomcat:6.0.2:::::::*
apache	tomcat	6.0.2	cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
apache	tomcat	6.0.2	cpe:2.3:a:apache:tomcat:6.0.2:beta::::::

Rows per page:

1-10 of 1071

References

advisories.mageia.org/MGASA-2014-0268.html

linux.oracle.com/errata/ELSA-2014-0865.html

lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html

marc.info/?l=bugtraq&m=141017844705317&w=2

marc.info/?l=bugtraq&m=141390017113542&w=2

marc.info/?l=bugtraq&m=144498216801440&w=2

rhn.redhat.com/errata/RHSA-2015-0675.html

rhn.redhat.com/errata/RHSA-2015-0720.html

rhn.redhat.com/errata/RHSA-2015-0765.html

seclists.org/fulldisclosure/2014/Dec/23

seclists.org/fulldisclosure/2014/May/138

seclists.org/fulldisclosure/2014/May/140

secunia.com/advisories/59121

secunia.com/advisories/59678

secunia.com/advisories/59732

secunia.com/advisories/59835

secunia.com/advisories/59849

secunia.com/advisories/59873

secunia.com/advisories/60729

secunia.com/advisories/60793

svn.apache.org/viewvc?view=revision&revision=1578812

svn.apache.org/viewvc?view=revision&revision=1578814

svn.apache.org/viewvc?view=revision&revision=1580473

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

www-01.ibm.com/support/docview.wss?uid=swg21678231

www-01.ibm.com/support/docview.wss?uid=swg21680603

www-01.ibm.com/support/docview.wss?uid=swg21681528

www.debian.org/security/2016/dsa-3447

www.debian.org/security/2016/dsa-3530

www.mandriva.com/security/advisories?name=MDVSA-2015:052

www.mandriva.com/security/advisories?name=MDVSA-2015:053

www.mandriva.com/security/advisories?name=MDVSA-2015:084

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.securityfocus.com/archive/1/532218/100/0/threaded

www.securityfocus.com/archive/1/532221/100/0/threaded

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/67668

www.securitytracker.com/id/1030302

www.vmware.com/security/advisories/VMSA-2014-0012.html

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

8.1

Confidence

High

EPSS

0.005

Percentile

75.5%

JSON

Related for NVD:CVE-2014-0099