GHSA-42j3-498q-m6vp

Source

https://github.com/advisories/GHSA-42j3-498q-m6vp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-42j3-498q-m6vp/GHSA-42j3-498q-m6vp.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-42j3-498q-m6vp

Aliases

CVE-2014-0227

Published

2022-05-14T01:10:18Z

Modified

2024-12-08T05:26:26.641768Z

Summary

Improper Input Validation in Apache Tomcat

Details

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Database specific

{
    "nvd_published_at": "2015-02-16T00:59:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-07T22:52:25Z"
}

References

Affected packages

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.0.0

Fixed

6.0.42

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.0.55

Affected versions

7.*

7.0.35

7.0.37

7.0.39

7.0.40

7.0.41

7.0.42

7.0.47

7.0.50

7.0.52

7.0.53

7.0.54

Maven / org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.0.9

Affected versions

8.*

8.0.1

8.0.3

8.0.5

8.0.8