Lucene search
K

3632 matches found

Tenable Nessus
Tenable Nessus
added 2015/05/18 12:0 a.m.35 views

Amazon Linux AMI : tomcat7 (ALAS-2015-526)

It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to...

6.4CVSS6.4AI score0.21045EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2015/05/18 12:0 a.m.25 views

Amazon Linux AMI : tomcat8 (ALAS-2015-527)

It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to...

6.4CVSS6.4AI score0.21045EPSS
Exploits1References5
Amazon
Amazon
added 2015/05/14 12:0 a.m.48 views

Medium: tomcat7

Issue Overview: It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data,...

6.4CVSS7.4AI score0.21045EPSS
Exploits1
Hacker One
Hacker One
added 2015/05/11 12:49 p.m.19 views

Yahoo!: YQL: From CR/LF injection to root compromise

The Yahoo Query Language YQL allowed sending outgoing HTTP requests; custom headers could be added using the header method. A vulnerability existed wherein CR/LF carriage return/line feed sequences could be injected into these custom headers, enabling HTTP request smuggling attacks. This bypassed...

7.1AI score
Exploits0
Apache Httpd
Apache Httpd
added 2015/04/04 12:0 a.m.112 views

Apache Httpd < 2.4.16 : HTTP request smuggling attack against chunked request parser

An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...

5CVSS6.2AI score0.73327EPSS
Exploits0Affected Software1
Apache Httpd
Apache Httpd
added 2015/04/04 12:0 a.m.67 views

Apache Httpd < 2.2.31 : HTTP request smuggling attack against chunked request parser

An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...

5CVSS6.2AI score0.73327EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2015/03/30 12:0 a.m.70 views

Mandriva Linux Security Advisory : tomcat (MDVSA-2015:084)

Updated tomcat package fixes security vulnerabilities : It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition CVE-2014-0050. Apache Tomcat 7.x...

7.5CVSS7AI score0.83175EPSS
Exploits12References11
Tenable Nessus
Tenable Nessus
added 2015/03/19 12:0 a.m.47 views

Mandriva Linux Security Advisory : tomcat6 (MDVSA-2015:053)

Updated tomcat6 packages fix security vulnerabilities : Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service resource consumption...

6.4CVSS6.8AI score0.21045EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2015/03/01 12:0 a.m.64 views

Apache Tomcat 8.0.0-RC1 < 8.0.9 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 8.0.9. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.0.9security-8 advisory. - java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x...

7.8CVSS6.4AI score0.21045EPSS
Exploits0References12
Prion
Prion
added 2015/02/16 12:59 a.m.25 views

Design/Logic Flaw

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...

6.4CVSS7AI score0.21045EPSS
Exploits0References35Affected Software1
NVD
NVD
added 2015/02/16 12:59 a.m.14 views

CVE-2014-0227

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...

6.4CVSS8.5AI score0.21045EPSS
Exploits0References35
Debian CVE
Debian CVE
added 2015/02/16 12:0 a.m.27 views

CVE-2014-0227

Removed by vendor...

6.4CVSS6.9AI score0.21045EPSS
Exploits0
CVE
CVE
added 2015/02/16 12:0 a.m.180 views

CVE-2014-0227

CVE-2014-0227 affects Apache Tomcat: ChunkedInputFilter mishandles reads after an error, enabling HTTP request smuggling or DoS via malformed chunked data. Affected: Tomcat 6.x before 6.0.42, 7.x before 7.0.55, 8.x before 8.0.9. Remediation: upgrade to fixed releases (6.0.42+, 7.0.55+, 8.0.9+). E...

6.4CVSS6.2AI score0.21045EPSS
Exploits0References35Affected Software1
Cvelist
Cvelist
added 2015/02/16 12:0 a.m.18 views

CVE-2014-0227

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...

6.3AI score0.21045EPSS
Exploits0References35
UbuntuCve
UbuntuCve
added 2015/02/15 12:0 a.m.38 views

CVE-2014-0227

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...

6.4CVSS6.8AI score0.21045EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2015/01/19 12:0 a.m.46 views

Oracle Solaris Third-Party Patch Update : tomcat (cve_2014_0075_numeric_errors)

The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in the parseChunkHeader function in java/org/apache/coyote/ http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attacker...

5CVSS6.8AI score0.2006EPSS
Exploits1References9
OpenVAS
OpenVAS
added 2014/11/28 12:0 a.m.48 views

Apache Tomcat Multiple Vulnerabilities (Nov 2014)

Apache Tomcat is prone to multiple vulnerabilities. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

5CVSS8.4AI score0.2006EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.40 views

F5 Networks BIG-IP : Apache Tomcat vulnerability (SOL15432)

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. C Tenable Netwo...

4.3CVSS6.6AI score0.08838EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/09/02 12:0 a.m.227 views

Apache Tomcat 7.0.0 < 7.0.55 multiple vulnerabilities

The version of Tomcat installed on the remote host is prior to 7.0.55. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.55security-7 advisory. - java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x...

7.8CVSS6.4AI score0.21045EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2014/08/05 12:0 a.m.37 views

Ubuntu: Security Advisory (USN-2302-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS8.4AI score0.2006EPSS
Exploits1References2
Rows per page
Query Builder