CVE-2014-0095

CVSS v2.0 5 (Medium)

EPSS 3.03 % (91^th)

Affected Products 1

Advisories 1

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.

Weaknesses

CWE-20: Improper Input Validation

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2014-05-31 11:17:13
(10 years ago)
Updated Date: 2017-11-15 02:29:02
(6 years ago)

Affected Products

Apache

Tomcat

Configuration #1

		CPE23	From	Up To
	Apache Tomcat 8.0.0 Rc1	cpe:2.3:a:apache:tomcat:8.0.0:rc1
	Apache Tomcat 8.0.0 Rc10	cpe:2.3:a:apache:tomcat:8.0.0:rc10
	Apache Tomcat 8.0.0 Rc2	cpe:2.3:a:apache:tomcat:8.0.0:rc2
	Apache Tomcat 8.0.0 Rc5	cpe:2.3:a:apache:tomcat:8.0.0:rc5
	Apache Tomcat 8.0.1	cpe:2.3:a:apache:tomcat:8.0.1
	Apache Tomcat 8.0.3	cpe:2.3:a:apache:tomcat:8.0.3