GHSA-pxcx-cxq8-4mmw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-pxcx-cxq8-4mmw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-pxcx-cxq8-4mmw/GHSA-pxcx-cxq8-4mmw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-pxcx-cxq8-4mmw
- Aliases
-
- CVE-2014-0230
- Published
- 2022-05-14T01:10:18Z
- Modified
- 2024-12-07T05:40:15.472005Z
- Summary
- Uncontrolled Resource Consumption in Apache Tomcat
- Details
-
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
- Database specific
{ "nvd_published_at": "2015-06-07T23:59:00Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2022-07-07T22:52:12Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-0230
- https://github.com/apache/tomcat/commit/6b2cfacf749be186ea77249a979af1d4863e47ba
- https://github.com/apache/tomcat/commit/812088583d0e60717a8fe9c6d14e12bcdc3e6c51
- https://github.com/apache/tomcat/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1
- https://github.com/apache/tomcat/commit/c1357e649641844109711d60cacb98e4b5fcd3cb
- https://github.com/apache/tomcat/commit/e28dd578fad90a6d5726ec34f3245c9f99d909a5
- https://github.com/apache/tomcat/commit/e3146f4b03a2386c3e57597e86134d4ed5c31303
- https://github.com/apache/tomcat/commit/fc049912464f0dcf9dede3761f38049369057e16
- https://github.com/apache/tomcat/commit/fdd9f11dc24b95e5425076abb58e968336f320a2
- https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
- https://issues.jboss.org/browse/JWS-220
- https://issues.jboss.org/browse/JWS-219
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
- https://github.com/apache/tomcat
- https://access.redhat.com/errata/RHSA-2015:2660
- https://access.redhat.com/errata/RHSA-2015:2659
- http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E
- http://marc.info/?l=bugtraq&m=144498216801440&w=2
- http://marc.info/?l=bugtraq&m=145974991225029&w=2
- http://openwall.com/lists/oss-security/2015/04/10/1
- http://rhn.redhat.com/errata/RHSA-2015-1622.html
- http://rhn.redhat.com/errata/RHSA-2016-0595.html
- http://rhn.redhat.com/errata/RHSA-2016-0596.html
- http://rhn.redhat.com/errata/RHSA-2016-0597.html
- http://rhn.redhat.com/errata/RHSA-2016-0598.html
- http://svn.apache.org/viewvc?view=revision&revision=1603770
- http://svn.apache.org/viewvc?view=revision&revision=1603775
- http://svn.apache.org/viewvc?view=revision&revision=1603779
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://tomcat.apache.org/security-8.html
- http://www.debian.org/security/2016/dsa-3447
- http://www.debian.org/security/2016/dsa-3530
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.ubuntu.com/usn/USN-2654-1
- http://www.ubuntu.com/usn/USN-2655-1
Affected packages
Maven / org.apache.tomcat:tomcat
Package
- Name
- org.apache.tomcat:tomcat
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat
Maven / org.apache.tomcat:tomcat
Package
- Name
- org.apache.tomcat:tomcat
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat
Maven / org.apache.tomcat:tomcat
Package
- Name
- org.apache.tomcat:tomcat
- View open source insights on deps.dev
- Purl
- pkg:maven/org.apache.tomcat/tomcat