java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
References
http://advisories.mageia.org/MGASA-2015-0081.html
http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
http://marc.info/?l=bugtraq&m=143393515412274&w=2
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://rhn.redhat.com/errata/RHSA-2015-0983.html
http://rhn.redhat.com/errata/RHSA-2015-0991.html
http://svn.apache.org/viewvc?view=revision&revision=1600984
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.debian.org/security/2016/dsa-3447
http://www.debian.org/security/2016/dsa-3530
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/72717
http://www.securitytracker.com/id/1032791
http://www.ubuntu.com/usn/USN-2654-1
http://www.ubuntu.com/usn/USN-2655-1
https://bugzilla.redhat.com/show_bug.cgi?id=1109196
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2014-0227
https://source.jboss.org/changelog/JBossWeb?cs=2455
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.43
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55
https://www.cve.org/CVERecord?id=CVE-2014-0227
History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2015-02-16T00:00:00

Updated: 2024-08-06T09:05:39.451Z

Reserved: 2013-12-03T00:00:00

Link: CVE-2014-0227

Vulnrichment

No data.

NVD

Status: Modified

Published: 2015-02-16T00:59:00.057

Modified: 2023-11-07T02:18:16.247

Link: CVE-2014-0227

Redhat

Severity: Moderate

Public Date: 2015-02-09T00:00:00Z

Links: CVE-2014-0227 - Bugzilla