CVE-2014-0230: Uncontrolled Resource Consumption in Apache Tomcat
(updated )
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
References
- mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E
- marc.info/?l=bugtraq&m=144498216801440&w=2
- marc.info/?l=bugtraq&m=145974991225029&w=2
- openwall.com/lists/oss-security/2015/04/10/1
- rhn.redhat.com/errata/RHSA-2015-1622.html
- rhn.redhat.com/errata/RHSA-2016-0595.html
- rhn.redhat.com/errata/RHSA-2016-0596.html
- rhn.redhat.com/errata/RHSA-2016-0597.html
- rhn.redhat.com/errata/RHSA-2016-0598.html
- svn.apache.org/viewvc?view=revision&revision=1603770
- svn.apache.org/viewvc?view=revision&revision=1603775
- svn.apache.org/viewvc?view=revision&revision=1603779
- tomcat.apache.org/security-6.html
- tomcat.apache.org/security-7.html
- tomcat.apache.org/security-8.html
- www.debian.org/security/2016/dsa-3447
- www.debian.org/security/2016/dsa-3530
- www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- www.ubuntu.com/usn/USN-2654-1
- www.ubuntu.com/usn/USN-2655-1
- access.redhat.com/errata/RHSA-2015:2659
- access.redhat.com/errata/RHSA-2015:2660
- github.com/advisories/GHSA-pxcx-cxq8-4mmw
- h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
- h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
- issues.jboss.org/browse/JWS-219
- issues.jboss.org/browse/JWS-220
- lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
- lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
- nvd.nist.gov/vuln/detail/CVE-2014-0230
Detect and mitigate CVE-2014-0230 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →