CVE-2014-0075
Publication date 31 May 2014
Last updated 24 July 2024
Ubuntu priority
Description
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
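The failure mode named in the description, as an added Java illustration that is not Tomcat's code or its patch: a hex chunk-size accumulator that wraps in a 32-bit `int`, next to a checked variant. The class and method names, the 1 MiB `maxChunk` limit and the sample inputs are assumptions made for the example.

```java
public class ChunkSizeCheck {
    // Strict ASCII hex digit value, or -1 for any other character.
    static int hexValue(char c) { return c < 128 ? Character.digit(c, 16) : -1; }

    // Unchecked accumulation into a 32-bit int: once the value no longer
    // fits, it wraps silently and the caller sees a small or negative size.
    static int parseUnchecked(String header) {
        int result = 0;
        for (int i = 0; i < header.length(); i++) {
            int d = hexValue(header.charAt(i));
            if (d < 0) break;              // ';' extension or end of the size field
            result = result * 16 + d;
        }
        return result;
    }

    // Checked variant: accumulate in a long and fail as soon as the value
    // passes maxChunk (an assumed, application-chosen limit).
    static int parseChecked(String header, int maxChunk) {
        long result = 0;
        int digits = 0;
        for (int i = 0; i < header.length(); i++) {
            int d = hexValue(header.charAt(i));
            if (d < 0) break;
            result = (result << 4) | d;
            digits++;
            if (result > maxChunk) throw new IllegalArgumentException("chunk size over limit");
        }
        if (digits == 0) throw new IllegalArgumentException("missing chunk size");
        return (int) result;
    }

    public static void main(String[] args) {
        // Constructed sample chunk-size fields (the text before CRLF).
        String[] samples = { "1f", "7fffffff", "80000000", "100000000" };
        for (String s : samples) {
            String checked;
            try {
                checked = String.valueOf(parseChecked(s, 1 << 20));
            } catch (IllegalArgumentException e) {
                checked = "rejected (" + e.getMessage() + ")";
            }
            System.out.println(s + " unchecked=" + parseUnchecked(s) + " checked=" + checked);
        }
    }
}
```

Because the checked variant compares against the limit after every digit, the `long` accumulator can never grow far enough to wrap, whatever the length of the size field.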
From the Ubuntu Security Team
David Jorm discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to consume resources, resulting in a denial of service.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| tomcat6 | 18.04 LTS bionic | Not in release |
| tomcat6 | 16.04 LTS xenial | Not affected |
| tomcat6 | 14.04 LTS trusty | Fixed 6.0.39-1ubuntu0.1 |
| tomcat7 | 18.04 LTS bionic | Not affected |
| tomcat7 | 16.04 LTS xenial | Not affected |
| tomcat7 | 14.04 LTS trusty | Fixed 7.0.52-1ubuntu0.1 |
| tomcat8 | 18.04 LTS bionic | Not affected |
| tomcat8 | 16.04 LTS xenial | Not affected |
| tomcat8 | 14.04 LTS trusty | Not in release |
Patch details
| Package | Patch details | 
|---|---|
| tomcat6 | |
| tomcat7 | |
References
Related Ubuntu Security Notices (USN)
- USN-2302-1: Tomcat vulnerabilities (30 July 2014)