CVE-2014-0075

Published: 31 May 2014

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
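The class of bug described above, as an added example that is not Tomcat's code: a hex chunk-size field accumulated into a Java `int` wraps silently, while a bounded parser rejects the field. The class and method names, the `maxChunk` limit, and the sample inputs are assumptions made for this illustration.

```java
import java.util.OptionalInt;

public class ChunkSizeParsing {
    // ASCII-only hex value; Character.digit alone would also accept Unicode digits.
    static int hexVal(char c) { return c < 128 ? Character.digit(c, 16) : -1; }

    // Unchecked accumulation: Java int arithmetic wraps silently, so once more
    // than 32 bits of digits arrive the high bits are discarded.
    static int parseUnchecked(String hex) {
        int result = 0;
        for (int i = 0; i < hex.length(); i++) {
            int digit = hexVal(hex.charAt(i));
            if (digit < 0) {
                throw new IllegalArgumentException("not a hex digit");
            }
            result = result * 16 + digit;
        }
        return result;
    }

    // Checked form: rejects empty input, non-hex characters, and any value
    // above maxChunk. The next value is computed as a long so it cannot wrap.
    static OptionalInt parseChecked(String hex, int maxChunk) {
        if (hex.isEmpty()) {
            return OptionalInt.empty();
        }
        int result = 0;
        for (int i = 0; i < hex.length(); i++) {
            int digit = hexVal(hex.charAt(i));
            long next = result * 16L + digit;
            if (digit < 0 || next > maxChunk) {
                return OptionalInt.empty();
            }
            result = (int) next;
        }
        return OptionalInt.of(result);
    }

    public static void main(String[] args) {
        int maxChunk = 8 * 1024 * 1024; // assumed policy limit, not a Tomcat setting
        // Constructed size fields: two well-formed, one overlong.
        for (String s : new String[] {"1a", "2000", "100000010"}) {
            System.out.printf("%-10s unchecked=%-6d checked=%s%n",
                    s, parseUnchecked(s), parseChecked(s, maxChunk));
        }
        // A non-hex field is rejected rather than parsed.
        System.out.println("zz         checked=" + parseChecked("zz", maxChunk));
    }
}
```

For the overlong field the unchecked parser returns a small, plausible-looking size instead of an error, which is why the bound has to be enforced while the digits are being read.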

From the Ubuntu security team

David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service.

Priority

Medium

Status

Package: tomcat6 (Launchpad, Ubuntu, Debian)
  Release                             Status
  Upstream                            Released (6.0.41-1)
  Ubuntu 18.04 LTS (Bionic Beaver)    Does not exist
  Ubuntu 16.04 ESM (Xenial Xerus)     Not vulnerable (6.0.41-1)
  Ubuntu 14.04 ESM (Trusty Tahr)      Released (6.0.39-1ubuntu0.1)
  Patches:
    Upstream: http://svn.apache.org/viewvc?view=revision&revision=1579262

Package: tomcat7 (Launchpad, Ubuntu, Debian)
  Release                             Status
  Upstream                            Released (7.0.53-1)
  Ubuntu 18.04 LTS (Bionic Beaver)    Not vulnerable (7.0.53-1)
  Ubuntu 16.04 ESM (Xenial Xerus)     Not vulnerable (7.0.53-1)
  Ubuntu 14.04 ESM (Trusty Tahr)      Released (7.0.52-1ubuntu0.1)
  Patches:
    Upstream: http://svn.apache.org/viewvc?view=revision&revision=1578341

Package: tomcat8 (Launchpad, Ubuntu, Debian)
  Release                             Status
  Upstream                            Released (8.0.5-1)
  Ubuntu 18.04 LTS (Bionic Beaver)    Not vulnerable (8.0.9-1)
  Ubuntu 16.04 ESM (Xenial Xerus)     Not vulnerable (8.0.9-1)
  Ubuntu 14.04 ESM (Trusty Tahr)      Does not exist