#VU64581 Resource management error in Apache Tomcat - CVE-2014-0230
Vulnerability identifier: #VU64581
Vulnerability risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID:
CWE-ID:
CWE-399
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Apache Tomcat
Server applications /
Web servers
Vendor: Apache Foundation
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to Apache Tomcat does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body. A remote attacker can cause a denial of service (thread consumption) via a series of aborted upload attempts.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Apache Tomcat: 6.0.0 - 6.0.43, 7.0.0 - 7.0.54, 8.0.0 RC1 - 8.0.8
External links
https://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E
https://marc.info/?l=bugtraq&m=144498216801440&w=2
https://marc.info/?l=bugtraq&m=145974991225029&w=2
https://openwall.com/lists/oss-security/2015/04/10/1
https://rhn.redhat.com/errata/RHSA-2015-1621.html
https://rhn.redhat.com/errata/RHSA-2015-1622.html
https://rhn.redhat.com/errata/RHSA-2015-2661.html
https://rhn.redhat.com/errata/RHSA-2016-0595.html
https://rhn.redhat.com/errata/RHSA-2016-0596.html
https://rhn.redhat.com/errata/RHSA-2016-0597.html
https://rhn.redhat.com/errata/RHSA-2016-0598.html
https://rhn.redhat.com/errata/RHSA-2016-0599.html
https://svn.apache.org/viewvc?view=revision&revision=1603770
https://svn.apache.org/viewvc?view=revision&revision=1603775
https://svn.apache.org/viewvc?view=revision&revision=1603779
https://tomcat.apache.org/security-6.html
https://tomcat.apache.org/security-7.html
https://tomcat.apache.org/security-8.html
https://www.debian.org/security/2016/dsa-3447
https://www.debian.org/security/2016/dsa-3530
https://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
https://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
https://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
https://www.securityfocus.com/bid/74475
https://www.ubuntu.com/usn/USN-2654-1
https://www.ubuntu.com/usn/USN-2655-1
https://access.redhat.com/errata/RHSA-2015:2659
https://access.redhat.com/errata/RHSA-2015:2660
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://issues.jboss.org/browse/JWS-219
https://issues.jboss.org/browse/JWS-220
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
