Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tomcat | Apache | 7.0.0 (including) | 7.0.0 (including) |
Tomcat | Apache | 7.0.0-beta (including) | 7.0.0-beta (including) |
Tomcat | Apache | 7.0.1 (including) | 7.0.1 (including) |
Tomcat | Apache | 7.0.2 (including) | 7.0.2 (including) |
Tomcat | Apache | 7.0.2-beta (including) | 7.0.2-beta (including) |
Tomcat | Apache | 7.0.3 (including) | 7.0.3 (including) |
Tomcat | Apache | 7.0.4 (including) | 7.0.4 (including) |
Tomcat | Apache | 7.0.4-beta (including) | 7.0.4-beta (including) |
Tomcat | Apache | 7.0.5 (including) | 7.0.5 (including) |
Tomcat | Apache | 7.0.6 (including) | 7.0.6 (including) |
Tomcat | Apache | 7.0.7 (including) | 7.0.7 (including) |
Tomcat | Apache | 7.0.8 (including) | 7.0.8 (including) |
Tomcat | Apache | 7.0.9 (including) | 7.0.9 (including) |
Tomcat | Apache | 7.0.10 (including) | 7.0.10 (including) |
Tomcat | Apache | 7.0.11 (including) | 7.0.11 (including) |
Tomcat | Apache | 7.0.12 (including) | 7.0.12 (including) |
Tomcat | Apache | 7.0.13 (including) | 7.0.13 (including) |
Tomcat | Apache | 7.0.14 (including) | 7.0.14 (including) |
Tomcat | Apache | 7.0.15 (including) | 7.0.15 (including) |
Tomcat | Apache | 7.0.16 (including) | 7.0.16 (including) |
Tomcat | Apache | 7.0.17 (including) | 7.0.17 (including) |
Tomcat | Apache | 7.0.18 (including) | 7.0.18 (including) |
Tomcat | Apache | 7.0.19 (including) | 7.0.19 (including) |
Tomcat | Apache | 7.0.20 (including) | 7.0.20 (including) |
Tomcat | Apache | 7.0.21 (including) | 7.0.21 (including) |
Tomcat | Apache | 7.0.22 (including) | 7.0.22 (including) |
Tomcat | Apache | 7.0.23 (including) | 7.0.23 (including) |
Tomcat | Apache | 7.0.24 (including) | 7.0.24 (including) |
Tomcat | Apache | 7.0.25 (including) | 7.0.25 (including) |
Tomcat | Apache | 7.0.26 (including) | 7.0.26 (including) |
Tomcat | Apache | 7.0.27 (including) | 7.0.27 (including) |
Tomcat | Apache | 7.0.28 (including) | 7.0.28 (including) |
Tomcat | Apache | 7.0.29 (including) | 7.0.29 (including) |
Tomcat | Apache | 7.0.30 (including) | 7.0.30 (including) |
Tomcat | Apache | 7.0.31 (including) | 7.0.31 (including) |
Tomcat | Apache | 7.0.32 (including) | 7.0.32 (including) |
Tomcat | Apache | 7.0.33 (including) | 7.0.33 (including) |
Tomcat | Apache | 7.0.34 (including) | 7.0.34 (including) |
Tomcat | Apache | 7.0.35 (including) | 7.0.35 (including) |
Tomcat | Apache | 7.0.36 (including) | 7.0.36 (including) |
Tomcat | Apache | 7.0.37 (including) | 7.0.37 (including) |
Tomcat | Apache | 7.0.38 (including) | 7.0.38 (including) |
Tomcat | Apache | 7.0.39 (including) | 7.0.39 (including) |
Tomcat | Apache | 7.0.40 (including) | 7.0.40 (including) |
Tomcat | Apache | 7.0.41 (including) | 7.0.41 (including) |
Tomcat | Apache | 7.0.42 (including) | 7.0.42 (including) |
Tomcat | Apache | 7.0.43 (including) | 7.0.43 (including) |
Tomcat | Apache | 7.0.44 (including) | 7.0.44 (including) |
Tomcat | Apache | 7.0.45 (including) | 7.0.45 (including) |
Tomcat | Apache | 7.0.46 (including) | 7.0.46 (including) |
Tomcat | Apache | 7.0.47 (including) | 7.0.47 (including) |
Tomcat | Apache | 7.0.48 (including) | 7.0.48 (including) |
Tomcat | Apache | 7.0.49 (including) | 7.0.49 (including) |
Tomcat | Apache | 7.0.50 (including) | 7.0.50 (including) |
Tomcat | Apache | 7.0.52 (including) | 7.0.52 (including) |