3632 matches found
Amazon Linux AMI : tomcat7 (ALAS-2015-526)
It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to...
Amazon Linux AMI : tomcat8 (ALAS-2015-527)
It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to...
Medium: tomcat7
Issue Overview: It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data,...
Yahoo!: YQL: From CR/LF injection to root compromise
The Yahoo Query Language YQL allowed sending outgoing HTTP requests; custom headers could be added using the header method. A vulnerability existed wherein CR/LF carriage return/line feed sequences could be injected into these custom headers, enabling HTTP request smuggling attacks. This bypassed...
Apache Httpd < 2.4.16 : HTTP request smuggling attack against chunked request parser
An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...
Apache Httpd < 2.2.31 : HTTP request smuggling attack against chunked request parser
An HTTP request smuggling attack was possible due to a bug in parsing of chunked requests. A malicious client could force the server to misinterpret the request length, allowing cache poisoning or credential hijacking if an intermediary proxy is in use...
Mandriva Linux Security Advisory : tomcat (MDVSA-2015:084)
Updated tomcat package fixes security vulnerabilities : It was discovered that the Apache Commons FileUpload package for Java could enter an infinite loop while processing a multipart request with a crafted Content-Type, resulting in a denial-of-service condition CVE-2014-0050. Apache Tomcat 7.x...
Mandriva Linux Security Advisory : tomcat6 (MDVSA-2015:053)
Updated tomcat6 packages fix security vulnerabilities : Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40 and 7.x before 7.0.53 allows remote attackers to cause a denial of service resource consumption...
Apache Tomcat 8.0.0-RC1 < 8.0.9 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.0.9. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.0.9security-8 advisory. - java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x...
Design/Logic Flaw
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...
CVE-2014-0227
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...
CVE-2014-0227
Removed by vendor...
CVE-2014-0227
CVE-2014-0227 affects Apache Tomcat: ChunkedInputFilter mishandles reads after an error, enabling HTTP request smuggling or DoS via malformed chunked data. Affected: Tomcat 6.x before 6.0.42, 7.x before 7.0.55, 8.x before 8.0.9. Remediation: upgrade to fixed releases (6.0.42+, 7.0.55+, 8.0.9+). E...
CVE-2014-0227
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...
CVE-2014-0227
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks...
Oracle Solaris Third-Party Patch Update : tomcat (cve_2014_0075_numeric_errors)
The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in the parseChunkHeader function in java/org/apache/coyote/ http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attacker...
Apache Tomcat Multiple Vulnerabilities (Nov 2014)
Apache Tomcat is prone to multiple vulnerabilities. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
F5 Networks BIG-IP : Apache Tomcat vulnerability (SOL15432)
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header. C Tenable Netwo...
Apache Tomcat 7.0.0 < 7.0.55 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 7.0.55. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat7.0.55security-7 advisory. - java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x...
Ubuntu: Security Advisory (USN-2302-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...