CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Affected Software

Name	Vendor	Start Version	End Version
Tomcat	Apache	7.0.0	7.0.0
Tomcat	Apache	7.0.0	7.0.0
Tomcat	Apache	7.0.1	7.0.1
Tomcat	Apache	7.0.2	7.0.2
Tomcat	Apache	7.0.2	7.0.2
Tomcat	Apache	7.0.3	7.0.3
Tomcat	Apache	7.0.4	7.0.4
Tomcat	Apache	7.0.4	7.0.4
Tomcat	Apache	7.0.5	7.0.5
Tomcat	Apache	7.0.6	7.0.6
Tomcat	Apache	7.0.7	7.0.7
Tomcat	Apache	7.0.8	7.0.8
Tomcat	Apache	7.0.9	7.0.9
Tomcat	Apache	7.0.10	7.0.10
Tomcat	Apache	7.0.11	7.0.11
Tomcat	Apache	7.0.12	7.0.12
Tomcat	Apache	7.0.13	7.0.13
Tomcat	Apache	7.0.14	7.0.14
Tomcat	Apache	7.0.15	7.0.15
Tomcat	Apache	7.0.16	7.0.16
Tomcat	Apache	7.0.17	7.0.17
Tomcat	Apache	7.0.18	7.0.18
Tomcat	Apache	7.0.19	7.0.19
Tomcat	Apache	7.0.20	7.0.20
Tomcat	Apache	7.0.21	7.0.21
Tomcat	Apache	7.0.22	7.0.22
Tomcat	Apache	7.0.23	7.0.23
Tomcat	Apache	7.0.24	7.0.24
Tomcat	Apache	7.0.25	7.0.25
Tomcat	Apache	7.0.26	7.0.26
Tomcat	Apache	7.0.27	7.0.27
Tomcat	Apache	7.0.28	7.0.28
Tomcat	Apache	7.0.29	7.0.29
Tomcat	Apache	7.0.30	7.0.30
Tomcat	Apache	7.0.31	7.0.31
Tomcat	Apache	7.0.32	7.0.32
Tomcat	Apache	7.0.33	7.0.33
Tomcat	Apache	7.0.34	7.0.34
Tomcat	Apache	7.0.35	7.0.35
Tomcat	Apache	7.0.36	7.0.36
Tomcat	Apache	7.0.37	7.0.37
Tomcat	Apache	7.0.38	7.0.38
Tomcat	Apache	7.0.39	7.0.39
Tomcat	Apache	7.0.40	7.0.40
Tomcat	Apache	7.0.41	7.0.41
Tomcat	Apache	7.0.42	7.0.42
Tomcat	Apache	7.0.43	7.0.43
Tomcat	Apache	7.0.44	7.0.44
Tomcat	Apache	7.0.45	7.0.45
Tomcat	Apache	7.0.46	7.0.46
Tomcat	Apache	7.0.47	7.0.47
Tomcat	Apache	7.0.48	7.0.48
Tomcat	Apache	7.0.49	7.0.49
Tomcat	Apache	7.0.50	7.0.50
Tomcat	Apache	7.0.52	7.0.52
Red Hat Enterprise Linux 6	RedHat	tomcat6-0:6.0.24-72.el6_5	*
Red Hat Enterprise Linux 7	RedHat	tomcat-0:7.0.42-6.el7_0	*
Red Hat JBoss BPMS 6.0	RedHat	jbossweb	*
Red Hat JBoss BRMS 6.0	RedHat	jbossweb	*
Red Hat JBoss Data Grid 6.3	RedHat	jbossweb	*
Red Hat JBoss Data Virtualization 6.0	RedHat	jbossweb	*
Red Hat JBoss Data Virtualization 6.1	RedHat		*
Red Hat JBoss Enterprise Application Platform 6.2	RedHat		*
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5	RedHat	jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5	*
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6	RedHat	jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6	*
Red Hat JBoss Enterprise Web Server 2 for RHEL 5	RedHat	tomcat6-0:6.0.37-20_patch_04.ep6.el5	*
Red Hat JBoss Enterprise Web Server 2 for RHEL 5	RedHat	tomcat7-0:7.0.40-14_patch_03.ep6.el5	*
Red Hat JBoss Enterprise Web Server 2 for RHEL 6	RedHat	tomcat6-0:6.0.37-29_patch_05.ep6.el6	*
Red Hat JBoss Enterprise Web Server 2 for RHEL 6	RedHat	tomcat7-0:7.0.40-11_patch_03.ep6.el6	*
Red Hat JBoss Fuse Service Works 6.0	RedHat	jbossweb	*
Red Hat JBoss Operations Network 3.2	RedHat		*
Red Hat JBoss Portal 6.2	RedHat	jbossweb	*
Red Hat JBoss Web Server 2.0	RedHat	tomcat6	*
Red Hat JBoss Web Server 2.0	RedHat	tomcat7	*
Tomcat6	Ubuntu	lucid	*
Tomcat6	Ubuntu	precise	*
Tomcat6	Ubuntu	precise/esm	*
Tomcat6	Ubuntu	saucy	*
Tomcat6	Ubuntu	trusty	*
Tomcat6	Ubuntu	trusty/esm	*
Tomcat6	Ubuntu	upstream	*
Tomcat7	Ubuntu	precise	*
Tomcat7	Ubuntu	saucy	*
Tomcat7	Ubuntu	trusty	*
Tomcat7	Ubuntu	trusty/esm	*
Tomcat7	Ubuntu	upstream	*
Tomcat8	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-0075
CWE	https://cwe.mitre.org/data/definitions/189.html

Affected Software

References