Lucene search

PRIOn knowledge basePRION:CVE-2014-0230

HistoryJun 07, 2015 - 11:59 p.m.

Design/Logic Flaw

2015-06-0723:59:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.064 Low

EPSS

Percentile

93.5%

JSON

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

CPENameOperatorVersion
tomcateq7.0.2 beta
tomcateq6.0.33
tomcateq6.0.0 alpha
tomcateq7.0.49
tomcateq6.0.39
tomcateq7.0.12
tomcateq6.0.6
tomcateq7.0.53
tomcateq6.0.4 alpha
tomcateq7.0.20

Name	Operator	Version
tomcat	eq	7.0.2 beta
tomcat	eq	6.0.33
tomcat	eq	6.0.0 alpha
tomcat	eq	7.0.49
tomcat	eq	6.0.39
tomcat	eq	7.0.12
tomcat	eq	6.0.6
tomcat	eq	7.0.53
tomcat	eq	6.0.4 alpha
tomcat	eq	7.0.20

Rows per page:

1-10 of 1141

References

mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E

openwall.com/lists/oss-security/2015/04/10/1

rhn.redhat.com/errata/RHSA-2015-1621.html

rhn.redhat.com/errata/RHSA-2015-1622.html

rhn.redhat.com/errata/RHSA-2015-2661.html

rhn.redhat.com/errata/RHSA-2016-0595.html

rhn.redhat.com/errata/RHSA-2016-0596.html

rhn.redhat.com/errata/RHSA-2016-0597.html

rhn.redhat.com/errata/RHSA-2016-0598.html

rhn.redhat.com/errata/RHSA-2016-0599.html

svn.apache.org/viewvc?view=revision&revision=1603770

svn.apache.org/viewvc?view=revision&revision=1603775

svn.apache.org/viewvc?view=revision&revision=1603779

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

www.debian.org/security/2016/dsa-3447

www.debian.org/security/2016/dsa-3530

www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

www.securityfocus.com/bid/74475

www.ubuntu.com/usn/USN-2654-1

www.ubuntu.com/usn/USN-2655-1

access.redhat.com/errata/RHSA-2015:2659

access.redhat.com/errata/RHSA-2015:2660

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

issues.jboss.org/browse/JWS-219

issues.jboss.org/browse/JWS-220

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

marc.info/?l=bugtraq&m=144498216801440&w=2

marc.info/?l=bugtraq&m=145974991225029&w=2

6.9 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.064 Low

EPSS

Percentile

93.5%

JSON

Related for PRION:CVE-2014-0230