Home > Vulnerability Database > CVE-2014-0230

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2014-0230

Good to know:

Date: June 7, 2015

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Language: Java

Severity Score

7.5

Related Resources (58)

Url: https://github.com/apache/tomcat/commit/e3146f4b03a2386c3e57597e86134d4ed5c31303

Url: http://rhn.redhat.com/errata/RHSA-2016-0599.html

Url: http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html

Url: http://marc.info/?l=bugtraq&m=145974991225029&w=2

Url: https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964

Url: http://www.securityfocus.com/bid/74475

Url: http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html

Url: http://rhn.redhat.com/errata/RHSA-2015-1622.html

Url: https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E

Url: https://github.com/apache/tomcat

Url: http://tomcat.apache.org/security-8.html

Url: http://rhn.redhat.com/errata/RHSA-2015-1621.html

Url: http://rhn.redhat.com/errata/RHSA-2016-0598.html

Url: https://github.com/apache/tomcat/commit/812088583d0e60717a8fe9c6d14e12bcdc3e6c51

Url: https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E

Url: http://svn.apache.org/viewvc?view=revision&revision=1603775

Url: https://issues.jboss.org/browse/JWS-220

Url: http://tomcat.apache.org/security-7.html

Url: http://svn.apache.org/viewvc?view=revision&revision=1603770

Url: https://github.com/apache/tomcat/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1

Url: http://openwall.com/lists/oss-security/2015/04/10/1

Url: https://github.com/apache/tomcat/commit/fc049912464f0dcf9dede3761f38049369057e16

Url: https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

Url: http://www.debian.org/security/2016/dsa-3530

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-0230

Url: http://svn.apache.org/viewvc?view=revision&revision=1603779

Url: http://marc.info/?l=bugtraq&m=144498216801440&w=2

Url: https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E

Url: http://www.ubuntu.com/usn/USN-2654-1

Url: http://rhn.redhat.com/errata/RHSA-2015-2661.html

Url: https://github.com/apache/tomcat/commit/fdd9f11dc24b95e5425076abb58e968336f320a2

Url: https://access.redhat.com/security/cve/CVE-2014-0230

Url: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

Url: http://rhn.redhat.com/errata/RHSA-2016-0596.html

Url: https://github.com/apache/tomcat/commit/c1357e649641844109711d60cacb98e4b5fcd3cb

Url: http://www.debian.org/security/2016/dsa-3447

Url: https://access.redhat.com/errata/RHSA-2015:2659

Url: https://access.redhat.com/errata/RHSA-2015:2660

Url: http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2016-0595.html

Url: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

Url: https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

Url: https://issues.jboss.org/browse/JWS-219

Url: https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E

Url: http://www.ubuntu.com/usn/USN-2655-1

Url: https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

Url: https://github.com/apache/tomcat/commit/6b2cfacf749be186ea77249a979af1d4863e47ba

Url: https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

Url: https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

Url: https://github.com/apache/tomcat/commit/e28dd578fad90a6d5726ec34f3245c9f99d909a5

Url: https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E

Url: http://rhn.redhat.com/errata/RHSA-2016-0597.html

Url: https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E

Url: http://tomcat.apache.org/security-6.html

Url: https://www.mend.io/vulnerability-database/CVE-2014-0230

Severity Score

7.5

Weakness Type (CWE)

Resource Management Errors

CWE-399

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Do you need more information?

Contact Us