5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.038 Low
EPSS
Percentile
91.8%
Integer overflow in the parseChunkHeader function in
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache
Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote
attackers to cause a denial of service (resource consumption) via a
malformed chunk size in chunked transfer coding of a request during the
streaming of data.