Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2014-0075First vendor Publication2014-05-31
VendorCveLast vendor Modification2019-04-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075

CWE : Common Weakness Enumeration

%idName
100 %CWE-189Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:27100
 
Oval ID: oval:org.mitre.oval:def:27100
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0075
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application249

Information Assurance Vulnerability Management (IAVM)

DateDescription
2015-06-25IAVM : 2015-B-0083 - Multiple Vulnerabilities in IBM Storwize V7000 Unified
Severity : Category I - VMSKEY : V0060983
2014-12-11IAVM : 2014-B-0162 - VMware vCenter Server 5.1 Certificate Validation Vulnerability
Severity : Category I - VMSKEY : V0057685
2014-12-11IAVM : 2014-B-0159 - VMware vCenter Server Appliance 5.1 Cross-site Scripting Vulnerability
Severity : Category II - VMSKEY : V0057687
2014-12-11IAVM : 2014-A-0191 - VMware vCenter Server 5.0 Certificate Validation Vulnerability
Severity : Category I - VMSKEY : V0057699
2014-12-11IAVM : 2014-B-0161 - Multiple Vulnerabilities in VMware ESXi 5.1
Severity : Category I - VMSKEY : V0057717
2014-05-29IAVM : 2014-B-0063 - Multiple Vulnerabilities in Apache Tomcat
Severity : Category I - VMSKEY : V0051613

Nessus® Vulnerability Scanner

DateDescription
2016-03-28Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3530.nasl - Type : ACT_GATHER_INFO
2016-01-19Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3447.nasl - Type : ACT_GATHER_INFO
2015-12-30Name : The remote VMware ESXi host is missing a security-related patch.
File : vmware_VMSA-2014-0012_remote.nasl - Type : ACT_GATHER_INFO
2015-06-26Name : The remote IBM Storwize device is affected by multiple vulnerabilities.
File : ibm_storwize_1_5_0_2.nasl - Type : ACT_GATHER_INFO
2015-05-18Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-526.nasl - Type : ACT_GATHER_INFO
2015-05-18Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-527.nasl - Type : ACT_GATHER_INFO
2015-03-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-084.nasl - Type : ACT_GATHER_INFO
2015-03-19Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-052.nasl - Type : ACT_GATHER_INFO
2015-03-19Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-053.nasl - Type : ACT_GATHER_INFO
2015-02-24Name : The remote Fedora host is missing a security update.
File : fedora_2015-2109.nasl - Type : ACT_GATHER_INFO
2015-01-19Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20140715.nasl - Type : ACT_GATHER_INFO
2014-12-15Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-29.nasl - Type : ACT_GATHER_INFO
2014-12-12Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO
2014-12-12Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vcenter_server_appliance_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-12-12Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-12-12Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-12-06Name : The remote VMware ESXi host is missing a security-related patch.
File : vmware_VMSA-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15426.nasl - Type : ACT_GATHER_INFO
2014-07-31Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2302-1.nasl - Type : ACT_GATHER_INFO
2014-07-30Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0827.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_81fc1076128611e4bebd000c2980a9f3.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0827.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140709_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-07-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0834.nasl - Type : ACT_GATHER_INFO
2014-07-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0835.nasl - Type : ACT_GATHER_INFO
2014-07-08Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0843.nasl - Type : ACT_GATHER_INFO
2014-05-30Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_41.nasl - Type : ACT_GATHER_INFO
2014-05-30Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_53.nasl - Type : ACT_GATHER_INFO
2014-05-30Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_0_5.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/67671
BUGTRAQ http://www.securityfocus.com/archive/1/534161/100/0/threaded
CONFIRM http://advisories.mageia.org/MGASA-2014-0268.html
http://linux.oracle.com/errata/ELSA-2014-0865.html
http://svn.apache.org/viewvc?view=revision&revision=1578337
http://svn.apache.org/viewvc?view=revision&revision=1578341
http://svn.apache.org/viewvc?view=revision&revision=1579262
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www-01.ibm.com/support/docview.wss?uid=swg21678231
http://www-01.ibm.com/support/docview.wss?uid=swg21680603
http://www-01.ibm.com/support/docview.wss?uid=swg21681528
http://www.novell.com/support/kb/doc.php?id=7010166
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
DEBIAN http://www.debian.org/security/2016/dsa-3447
http://www.debian.org/security/2016/dsa-3530
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-February/15028...
FULLDISC http://seclists.org/fulldisclosure/2014/Dec/23
HP http://marc.info/?l=bugtraq&m=141017844705317&w=2
http://marc.info/?l=bugtraq&m=141390017113542&w=2
http://marc.info/?l=bugtraq&m=144498216801440&w=2
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
MLIST https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930f...
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04cc...
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930...
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236...
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
SECUNIA http://secunia.com/advisories/59121

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
DateInformations
2019-04-15 21:18:58
  • Multiple Updates
2019-04-15 17:18:44
  • Multiple Updates
2019-03-25 17:18:58
  • Multiple Updates
2019-03-21 21:19:10
  • Multiple Updates
2018-10-10 00:19:46
  • Multiple Updates
2017-11-15 09:23:50
  • Multiple Updates
2017-03-25 12:00:54
  • Multiple Updates
2017-01-07 09:25:16
  • Multiple Updates
2016-12-08 09:23:29
  • Multiple Updates
2016-12-07 09:24:11
  • Multiple Updates
2016-10-26 09:22:41
  • Multiple Updates
2016-10-15 12:03:09
  • Multiple Updates
2016-08-23 09:24:48
  • Multiple Updates
2016-04-26 09:25:17
  • Multiple Updates
2016-03-29 13:21:00
  • Multiple Updates
2016-01-20 13:24:06
  • Multiple Updates
2015-10-18 17:22:22
  • Multiple Updates
2015-06-27 13:28:45
  • Multiple Updates
2015-05-19 13:27:44
  • Multiple Updates
2015-04-07 09:26:39
  • Multiple Updates
2015-04-02 09:25:41
  • Multiple Updates
2015-03-31 13:28:09
  • Multiple Updates
2015-03-28 09:25:43
  • Multiple Updates
2015-03-26 09:26:12
  • Multiple Updates
2015-03-21 00:25:22
  • Multiple Updates
2015-03-20 13:28:48
  • Multiple Updates
2015-03-20 00:25:14
  • Multiple Updates
2015-03-18 09:26:18
  • Multiple Updates
2015-03-06 00:22:56
  • Multiple Updates
2015-03-03 09:23:07
  • Multiple Updates
2015-02-25 13:24:04
  • Multiple Updates
2015-01-21 13:26:38
  • Multiple Updates
2014-12-16 17:23:48
  • Multiple Updates
2014-12-16 13:25:05
  • Multiple Updates
2014-12-12 09:22:55
  • Multiple Updates
2014-12-03 09:26:44
  • Multiple Updates
2014-10-11 13:26:19
  • Multiple Updates
2014-09-12 21:26:35
  • Multiple Updates
2014-09-04 13:25:03
  • Multiple Updates
2014-08-01 13:24:48
  • Multiple Updates
2014-07-31 13:25:03
  • Multiple Updates
2014-07-25 13:21:38
  • Multiple Updates
2014-07-18 09:22:16
  • Multiple Updates
2014-07-17 09:22:02
  • Multiple Updates
2014-07-11 13:25:06
  • Multiple Updates
2014-07-09 13:25:34
  • Multiple Updates
2014-06-04 17:21:09
  • Multiple Updates
2014-06-03 00:21:00
  • Multiple Updates
2014-05-31 17:20:45
  • First insertion