Launchpad CVE tracker

CVE 2014-0227

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Related bugs and status

CVE-2014-0227 (Candidate) is related to these bugs:

Bug #1449975: Outstanding low priority security bugs in the tomcat7 packages

Summary				In	Importance	Status
	1449975	Outstanding low priority security bugs in the tomcat7 packages		tomcat7 (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

BUGTRAQ: 20150209 [SECURITY] CV...
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://source.jboss.o...
FEDORA: FEDORA-2015-2109
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:052
REDHAT: RHSA-2015:0675
BID: 72717
MANDRIVA: MDVSA-2015:053
REDHAT: RHSA-2015:0720
MANDRIVA: MDVSA-2015:084
REDHAT: RHSA-2015:0765
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-3530
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-3447
UBUNTU: USN-2655-1
REDHAT: RHSA-2015:0983
REDHAT: RHSA-2015:0991
CONFIRM: http://svn.apache.org/...
HP: HPSBUX03337
HP: HPSBUX03341
HP: SSRT102066
HP: SSRT102068
SECTRACK: 1032791
UBUNTU: USN-2654-1
MLIST: [tomcat-dev] 20190319 ...
MLIST: [tomcat-dev] 20190325 ...
MLIST: [tomcat-dev] 20190413 ...
MLIST: [tomcat-dev] 20190415 ...
MLIST: [tomcat-dev] 20200203 ...
MLIST: [tomcat-dev] 20200213 ...
MLIST: [tomcat-dev] 20200213 ...

Launchpad.net

CVE 2014-0227

Related bugs and status

Related bugs

References