Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-0230

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Related bugs and status

CVE-2014-0230 (Candidate) is related to these bugs:

Bug #1449975: Outstanding low priority security bugs in the tomcat7 packages

Summary				In	Importance	Status
	1449975	Outstanding low priority security bugs in the tomcat7 packages		tomcat7 (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2015040...
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
MLIST: [tomcat-announce] 2015...
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-3530
REDHAT: RHSA-2016:0595
REDHAT: RHSA-2016:0596
REDHAT: RHSA-2016:0597
REDHAT: RHSA-2016:0598
REDHAT: RHSA-2016:0599
CONFIRM: https://h20566.www2.hp...
CONFIRM: http://www.oracle.com/...
CONFIRM: https://issues.jboss.o...
CONFIRM: https://issues.jboss.o...
DEBIAN: DSA-3447
REDHAT: RHSA-2015:2659
REDHAT: RHSA-2015:2660
REDHAT: RHSA-2015:2661
CONFIRM: https://h20564.www2.hp...
REDHAT: RHSA-2015:1621
REDHAT: RHSA-2015:1622
UBUNTU: USN-2655-1
BID: 74475
CONFIRM: http://svn.apache.org/...
CONFIRM: http://svn.apache.org/...
CONFIRM: http://svn.apache.org/...
HP: HPSBUX03561
HP: HPSBOV03503
UBUNTU: USN-2654-1
CONFIRM: http://www.oracle.com/...
MLIST: [tomcat-dev] 20190319 ...
MLIST: [tomcat-dev] 20190325 ...
MLIST: [tomcat-dev] 20190413 ...
MLIST: [tomcat-dev] 20190415 ...
MLIST: [tomcat-dev] 20200203 ...
MLIST: [tomcat-dev] 20200213 ...
MLIST: [tomcat-dev] 20200213 ...