7 High
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.948 High
EPSS
Percentile
99.2%
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
advisories.mageia.org/MGASA-2015-0081.html
archives.neohapsis.com/archives/bugtraq/2015-02/0067.html
rhn.redhat.com/errata/RHSA-2015-0675.html
rhn.redhat.com/errata/RHSA-2015-0720.html
rhn.redhat.com/errata/RHSA-2015-0765.html
rhn.redhat.com/errata/RHSA-2015-0983.html
rhn.redhat.com/errata/RHSA-2015-0991.html
svn.apache.org/viewvc?view=revision&revision=1600984
tomcat.apache.org/security-6.html
tomcat.apache.org/security-7.html
tomcat.apache.org/security-8.html
www.debian.org/security/2016/dsa-3447
www.debian.org/security/2016/dsa-3530
www.mandriva.com/security/advisories?name=MDVSA-2015:052
www.mandriva.com/security/advisories?name=MDVSA-2015:053
www.mandriva.com/security/advisories?name=MDVSA-2015:084
www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
www.securityfocus.com/bid/72717
www.securitytracker.com/id/1032791
www.ubuntu.com/usn/USN-2654-1
www.ubuntu.com/usn/USN-2655-1
bugzilla.redhat.com/show_bug.cgi?id=1109196
lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
marc.info/?l=bugtraq&m=143393515412274&w=2
marc.info/?l=bugtraq&m=143403519711434&w=2
source.jboss.org/changelog/JBossWeb?cs=2455