2014-05-31 13:17:13 2019-04-15 18:29:46

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE

Apache Tomcat 8.0.3 (not an official CPE)
Apache Software Foundation Tomcat 8.0.1
Apache Software Foundation Tomcat 8.0.0 release candidate 5
Apache Software Foundation Tomcat 8.0.0 Release Candidate 2
Apache Software Foundation Tomcat 8.0.0 release candidate 10
Apache Software Foundation Tomcat 8.0.0 Release Candidate 1
Apache Tomcat 7.0.52 (not an official CPE)
Apache Software Foundation Tomcat 7.0.50
Apache Software Foundation Tomcat 7.0.49
Apache Software Foundation Tomcat 7.0.48
Apache Software Foundation Tomcat 7.0.47
Apache Software Foundation Tomcat 7.0.46
Apache Software Foundation Tomcat 7.0.45
Apache Software Foundation Tomcat 7.0.44
Apache Software Foundation Tomcat 7.0.43
Apache Software Foundation Tomcat 7.0.42
Apache Software Foundation Tomcat 7.0.41
Apache Software Foundation Tomcat 7.0.40
Apache Software Foundation Tomcat 7.0.39
Apache Software Foundation Tomcat 7.0.38
Apache Software Foundation Tomcat 7.0.37
Apache Software Foundation Tomcat 7.0.36
Apache Software Foundation Tomcat 7.0.35
Apache Software Foundation Tomcat 7.0.34
Apache Software Foundation Tomcat 7.0.33
Apache Software Foundation Tomcat 7.0.32
Apache Software Foundation Tomcat 7.0.31
Apache Software Foundation Tomcat 7.0.30
Apache Software Foundation Tomcat 7.0.29
Apache Software Foundation Tomcat 7.0.28
Apache Software Foundation Tomcat 7.0.27
Apache Software Foundation Tomcat 7.0.26
Apache Software Foundation Tomcat 7.0.25
Apache Software Foundation Tomcat 7.0.24
Apache Software Foundation Tomcat 7.0.23
Apache Software Foundation Tomcat 7.0.22
Apache Software Foundation Tomcat 7.0.21
Apache Software Foundation Tomcat 7.0.20
Apache Software Foundation Tomcat 7.0.19
Apache Software Foundation Tomcat 7.0.18
Apache Software Foundation Tomcat 7.0.17
Apache Software Foundation Tomcat 7.0.16
Apache Software Foundation Tomcat 7.0.15
Apache Software Foundation Tomcat 7.0.14
Apache Software Foundation Tomcat 7.0.13
Apache Software Foundation Tomcat 7.0.12
Apache Software Foundation Tomcat 7.0.11
Apache Software Foundation Tomcat 7.0.10
Apache Software Foundation Tomcat 7.0.9
Apache Software Foundation Tomcat 7.0.8
Apache Software Foundation Tomcat 7.0.7
Apache Software Foundation Tomcat 7.0.6
Apache Software Foundation Tomcat 7.0.5
Apache Software Foundation Tomcat 7.0.4 beta
Apache Software Foundation Tomcat 7.0.4
Apache Software Foundation Tomcat 7.0.3
Apache Software Foundation Tomcat 7.0.2 beta
Apache Software Foundation Tomcat 7.0.2
Apache Software Foundation Tomcat 7.0.1
Apache Software Foundation Tomcat 7.0.0 beta
Apache Tomcat 6.0.39 (not an official CPE)
Apache Software Foundation Tomcat 7.0.0
Apache Software Foundation Tomcat 6.0.37
Apache Software Foundation Tomcat 6.0.35
Apache Software Foundation Tomcat 6.0.36
Apache Software Foundation Tomcat 6.0.33
Apache Software Foundation Tomcat 6.0.32
Apache Software Foundation Tomcat 6.0.31
Apache Software Foundation Tomcat 6.0.30
Apache Software Foundation Tomcat 6.0.29
Apache Software Foundation Tomcat 6.0.28
Apache Software Foundation Tomcat 6.0.27
Apache Software Foundation Tomcat 6.0.26
Apache Software Foundation Tomcat 6.0.24
Apache Software Foundation Tomcat 6.0.20
Apache Software Foundation Tomcat 6.0.19
Apache Software Foundation Tomcat 6.0.18
Apache Software Foundation Tomcat 6.0.17
Apache Software Foundation Tomcat 6.0.15
Apache Software Foundation Tomcat 6.0.9 beta
Apache Software Foundation Tomcat 6.0.16
Apache Software Foundation Tomcat 6.0.14
Apache Software Foundation Tomcat 6.0.13
Apache Software Foundation Tomcat 6.0.12
Apache Software Foundation Tomcat 6.0.11
Apache Software Foundation Tomcat 6.0.10
Apache Software Foundation Tomcat 6.0.9
Apache Software Foundation Tomcat 6.0.8 alpha
Apache Software Foundation Tomcat 6.0.8
Apache Software Foundation Tomcat 6.0.7 beta
Apache Software Foundation Tomcat 6.0.7 alpha
Apache Software Foundation Tomcat 6.0.7
Apache Software Foundation Tomcat 6.0.6 alpha
Apache Software Foundation Tomcat 6.0.6
Apache Software Foundation Tomcat 6.0.5
Apache Software Foundation Tomcat 6.0.4 alpha
Apache Software Foundation Tomcat 6.0.4
Apache Software Foundation Tomcat 6.0.2
Apache Software Foundation Tomcat 6.0.2 alpha
Apache Software Foundation Tomcat 6.0.2 beta
Apache Software Foundation Tomcat 6.0.3
Apache Software Foundation Tomcat 6.0.1 alpha
Apache Software Foundation Tomcat 6.0.1
Apache Software Foundation Tomcat 6.0.0 alpha
Apache Software Foundation Tomcat 6.0.0
Apache Software Foundation Tomcat 6.0
Apache Software Foundation Tomcat 6

[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in ...
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/d...
[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in ...
[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in ...
1030302
http://www.vmware.com/security/advisories/VMSA-2014-0012...
20141205 NEW: VMSA-2014-0012 - VMware vSphere product up...
67668
MDVSA-2015:084
http://www.oracle.com/technetwork/security-advisory/cpuo...
http://www.oracle.com/technetwork/topics/security/cpujul...
20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat info...
20140527 [SECURITY] CVE-2014-0097 Apache Tomcat informat...
MDVSA-2015:053
DSA-3447
DSA-3530
MDVSA-2015:052
http://www-01.ibm.com/support/docview.wss?uid=swg2168152...
http://tomcat.apache.org/security-8.html
http://www-01.ibm.com/support/docview.wss?uid=swg2168060...
http://www-01.ibm.com/support/docview.wss?uid=swg2167823...
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
20140527 [SECURITY] Re: [SECURITY] CVE-2014-0099 Apache...
http://svn.apache.org/viewvc?view=revision&revision=1580...
http://svn.apache.org/viewvc?view=revision&revision=1578...
59121
http://svn.apache.org/viewvc?view=revision&revision=1578...
FEDORA-2015-2109
RHSA-2015:0720
RHSA-2015:0765
RHSA-2015:0675
HPSBUX03150
HPSBOV03503
HPSBUX03102
http://advisories.mageia.org/MGASA-2014-0268.html
http://linux.oracle.com/errata/ELSA-2014-0865.html
[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in ...