High

CVE-2014-0230 - Resource Management Errors vulnerability in multiple products

Publication: 2015-06-07

Summary

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Classification

CWE-399: Resource Management Errors

Risk level (CVSS 7.8): High

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Oracle Virtualization 4.63
  • Oracle Virtualization 4.71
  • Oracle Virtualization 5.1
  • Apache Tomcat 6.0.0
  • Apache Tomcat 6.0.1
  • Apache Tomcat 6.0.2
  • Apache Tomcat 6.0.3
  • Apache Tomcat 6.0.4
  • Apache Tomcat 6.0.5
  • Apache Tomcat 6.0.6
  • Apache Tomcat 6.0.7
  • Apache Tomcat 6.0.8
  • Apache Tomcat 6.0.9
  • Apache Tomcat 6.0.10
  • Apache Tomcat 6.0.11
  • Apache Tomcat 6.0.12
  • Apache Tomcat 6.0.13
  • Apache Tomcat 6.0.14
  • Apache Tomcat 6.0.15
  • Apache Tomcat 6.0.16
  • Apache Tomcat 6.0.17
  • Apache Tomcat 6.0.18
  • Apache Tomcat 6.0.19
  • Apache Tomcat 6.0.20
  • Apache Tomcat 6.0.24
  • Apache Tomcat 6.0.26
  • Apache Tomcat 6.0.27
  • Apache Tomcat 6.0.28
  • Apache Tomcat 6.0.29
  • Apache Tomcat 6.0.30
  • Apache Tomcat 6.0.31
  • Apache Tomcat 6.0.32
  • Apache Tomcat 6.0.33
  • Apache Tomcat 6.0.35
  • Apache Tomcat 6.0.36
  • Apache Tomcat 6.0.37
  • Apache Tomcat 6.0.39
  • Apache Tomcat 6.0.41
  • Apache Tomcat 6.0.43
  • Apache Tomcat 7.0.0
  • Apache Tomcat 7.0.1
  • Apache Tomcat 7.0.2
  • Apache Tomcat 7.0.3
  • Apache Tomcat 7.0.4
  • Apache Tomcat 7.0.5
  • Apache Tomcat 7.0.6
  • Apache Tomcat 7.0.7
  • Apache Tomcat 7.0.8
  • Apache Tomcat 7.0.9
  • Apache Tomcat 7.0.10
  • Apache Tomcat 7.0.11
  • Apache Tomcat 7.0.12
  • Apache Tomcat 7.0.13
  • Apache Tomcat 7.0.14
  • Apache Tomcat 7.0.15
  • Apache Tomcat 7.0.16
  • Apache Tomcat 7.0.17
  • Apache Tomcat 7.0.18
  • Apache Tomcat 7.0.19
  • Apache Tomcat 7.0.20
  • Apache Tomcat 7.0.21
  • Apache Tomcat 7.0.22
  • Apache Tomcat 7.0.23
  • Apache Tomcat 7.0.24
  • Apache Tomcat 7.0.25
  • Apache Tomcat 7.0.26
  • Apache Tomcat 7.0.27
  • Apache Tomcat 7.0.28
  • Apache Tomcat 7.0.29
  • Apache Tomcat 7.0.30
  • Apache Tomcat 7.0.31
  • Apache Tomcat 7.0.32
  • Apache Tomcat 7.0.33
  • Apache Tomcat 7.0.34
  • Apache Tomcat 7.0.35
  • Apache Tomcat 7.0.36
  • Apache Tomcat 7.0.37
  • Apache Tomcat 7.0.38
  • Apache Tomcat 7.0.39
  • Apache Tomcat 7.0.40
  • Apache Tomcat 7.0.41
  • Apache Tomcat 7.0.42
  • Apache Tomcat 7.0.43
  • Apache Tomcat 7.0.44
  • Apache Tomcat 7.0.45
  • Apache Tomcat 7.0.46
  • Apache Tomcat 7.0.47
  • Apache Tomcat 7.0.48
  • Apache Tomcat 7.0.49
  • Apache Tomcat 7.0.50
  • Apache Tomcat 7.0.52
  • Apache Tomcat 7.0.53
  • Apache Tomcat 7.0.54
  • Apache Tomcat 8.0.0
  • Apache Tomcat 8.0.1
  • Apache Tomcat 8.0.3
  • Apache Tomcat 8.0.5
  • Apache Tomcat 8.0.8

References