GHSA-wf5v-jhxj-q632

Suggest an improvement
Source
https://github.com/advisories/GHSA-wf5v-jhxj-q632
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wf5v-jhxj-q632/GHSA-wf5v-jhxj-q632.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-wf5v-jhxj-q632
Aliases
  • CVE-2014-0095
Published
2022-05-17T00:24:30Z
Modified
2024-02-22T16:49:15.848607Z
Summary
Denial of service in Apache Tomcat
Details

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.

References

Affected packages

Maven / org.apache.tomcat:tomcat-coyote

Package

Name
org.apache.tomcat:tomcat-coyote
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat/tomcat-coyote

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0-RC1
Fixed
8.0.4

Affected versions

8.*

8.0.0-RC1
8.0.0-RC3
8.0.0-RC5
8.0.0-RC10
8.0.1
8.0.3

Maven / org.apache.tomcat.embed:tomcat-embed-core

Package

Name
org.apache.tomcat.embed:tomcat-embed-core
View open source insights on deps.dev
Purl
pkg:maven/org.apache.tomcat.embed/tomcat-embed-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0.0-RC1
Fixed
8.0.4

Affected versions

8.*

8.0.0-RC1
8.0.0-RC3
8.0.0-RC5
8.0.0-RC10
8.0.1
8.0.3