Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30753
HistoryMay 29, 2014 - 12:00 a.m.

[SECURITY] CVE-2014-0095 Apache Tomcat denial of service

2014-05-2900:00:00
vulners.com
54
JSON

CVE-2014-0095 Denial of Service

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

  • Apache Tomcat 8.0.0-RC2 to 8.0.3

Description:
A regression was introduced in revision 1519838 that caused AJP
requests to hang if an explicit content length of zero was set on the
request. The hanging request consumed a request processing thread which
could lead to a denial of service.

Mitigation:
Users of affected versions should apply one of the following mitigations

  • Upgrade to Apache Tomcat 8.0.5 or later
    (8.0.4 contains the fix but was not released)

Credit:
This issue was reported as a possible bug via the Tomcat users mailing
list and the security implications were identified by theTomcat security
team.

References:
[1] http://tomcat.apache.org/security-8.html

Related

debiancve 1
prion 1
openvas 1
ibm 11
cve 1
github 1
ubuntucve 1
osv 1
nessus 2
tomcat 1
securityvulns 1
symantec 1
oracle 1
debiancve
debiancve
CVE-2014-0095
2014-05-31 11:17:00
prion
prion
Cross site request forgery (csrf)
2014-05-31 11:17:00
openvas
openvas
Apache Tomcat AJP Request Remote Denial Of Service Vulnerability
2014-11-28 00:00:00
ibm
ibm
Security Bulletin: IBM InfoSphere Metadata Asset Manager is subject to a denial of service vulnerability from its use of Apache Tomcat (CVE-2014-0095)
2018-06-16 14:07:05
Security Bulletin: Apache Tomcat Vulnerabilities in IBM UrbanCode Release (CVE-2014-0075,CVE-2014-0095,CVE-2014-0096,CVE-2014-0099,CVE-2014-0119)
2018-06-17 22:31:52
Security Bulletin: Tivoli Netcool Service Quality Manager is affected by the Open Source Tomcat vulnerabilities (CVE-2014-0075 CVE-2014-0095 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119)
2018-06-17 14:47:05
cve
cve
CVE-2014-0095
2014-05-31 11:17:00
github
github
Denial of service in Apache Tomcat
2022-05-17 00:24:30
ubuntucve
ubuntucve
CVE-2014-0095
2014-05-31 00:00:00
osv
osv
Denial of service in Apache Tomcat
2022-05-17 00:24:30
nessus
nessus
Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities
2015-03-02 00:00:00
Apache Tomcat 8.0.x < 8.0.4 Multiple Vulnerabilities
2014-05-30 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 8.0.5
2014-03-27 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2014-05-29 00:00:00
symantec
symantec
SA100 : Apache Tomcat Vulnerabilities
2015-07-23 08:00:00
oracle
oracle
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
JSON
Related for SECURITYVULNS:DOC:30753
debiancve1prion1openvas1ibm11cve1github1ubuntucve1osv1nessus2tomcat1securityvulns1symantec1oracle1