Vulnerability in Apache Tomcat

CVE-2014-0227

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows…

EPSS: 0.782 (99.0th percentile) — read the EPSS interpretation.

Affected products

Apache Tomcat — versions 6.0.0, 6.0.1, 6.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-19

References

secalert@redhat.com (x_refsource_CONFIRM)
USN-2654-1 (x_refsource_UBUNTU, vendor-advisory)
RHSA-2015:0765 (x_refsource_REDHAT, vendor-advisory)
RHSA-2015:0675 (x_refsource_REDHAT, vendor-advisory)
MDVSA-2015:052 (vendor-advisory, x_refsource_MANDRIVA)
HPSBUX03341 (x_refsource_HP, vendor-advisory)
RHSA-2015:0720 (x_refsource_REDHAT, vendor-advisory)
72717 (vdb-entry, x_refsource_BID)
RHSA-2015:0991 (x_refsource_REDHAT, vendor-advisory)
MDVSA-2015:084 (vendor-advisory, x_refsource_MANDRIVA)