Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameCVE-2014-0099First vendor Publication2014-05-31
VendorCveLast vendor Modification2019-04-15

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0099

CWE : Common Weakness Enumeration

%idName
100 %CWE-189Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24883
 
Oval ID: oval:org.mitre.oval:def:24883
Title: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs: * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0865-00
CESA-2014:0865
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25013
 
Oval ID: oval:org.mitre.oval:def:25013
Title: DEPRECATED: RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. This update also fixes the following bugs: * The patch that resolved the CVE-2014-0050 issue contained redundant code. This update removes the redundant code. (BZ#1094528) * The patch that resolved the CVE-2013-4322 issue contained an invalid check that triggered a java.io.EOFException while reading trailer headers for chunked requests. This update fixes the check and the aforementioned exception is no longer triggered in the described scenario. (BZ#1095602) All Tomcat 6 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0865-00
CESA-2014:0865
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24427
 
Oval ID: oval:org.mitre.oval:def:24427
Title: RHSA-2014:0827: tomcat security update (Moderate)
Description: Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. It was discovered that Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a Tomcat server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. All Tomcat 7 users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Tomcat must be restarted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0827-00
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): tomcat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26063
 
Oval ID: oval:org.mitre.oval:def:26063
Title: USN-2302-1 -- tomcat6, tomcat7 vulnerabilities
Description: Several security issues were fixed in Tomcat.
Family: unix Class: patch
Reference(s): USN-2302-1
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 3
Platform(s): Ubuntu 14.04
Ubuntu 12.04
Ubuntu 10.04
Product(s): tomcat7
tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27293
 
Oval ID: oval:org.mitre.oval:def:27293
Title: ELSA-2014-0865 -- tomcat6 security and bug fix update (moderate)
Description: [0:6.0.24-72] - Related: CVE-2014-0075 - rebuild to generate javadoc - correctly. previous build generated 0-length javadoc [0:6.0.24-69] - Related: CVE-2014-0075 incomplete [0:6.0.24-68] - Related: CVE-2013-4322. arches needs to be specified - as in arches noarch, so docs/webapps will produce - full files. building for ppc will generate empty - javadoc. [0:6.0.24-67] - Related: CVE-2014-0050 - Related: CVE-2013-4322 [0:6.0.24-66] - Resolves: CVE-2014-0099 - Resolves: CVE-2014-0096 - Resolves: CVE-2014-0075 [0:6.0.24-65] - Related: CVE-2014-0050 copy paste error
Family: unix Class: patch
Reference(s): ELSA-2014-0865
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 3
Platform(s): Oracle Linux 6
Product(s): tomcat6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27263
 
Oval ID: oval:org.mitre.oval:def:27263
Title: ELSA-2014-0827 -- tomcat security update (moderate)
Description: [0:7.0.42-6] - Resolves: CVE-2014-0099 Fix possible overflow when parsing - long values from byte array - Resolves: CVE-2014-0096 Information discloser process XSLT - files not subject to same constraint running under - java security manager - Resolves: CVE-2014-0075 Avoid overflow in ChunkedInputFilter.
Family: unix Class: patch
Reference(s): ELSA-2014-0827
CVE-2014-0075
CVE-2014-0096
CVE-2014-0099
Version: 3
Platform(s): Oracle Linux 7
Product(s): tomcat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26971
 
Oval ID: oval:org.mitre.oval:def:26971
Title: HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Denial of Service (DoS) and Other Vulnerabilities
Description: Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Family: unix Class: vulnerability
Reference(s): CVE-2014-0099
Version: 4
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application249

Information Assurance Vulnerability Management (IAVM)

DateDescription
2015-06-25IAVM : 2015-B-0083 - Multiple Vulnerabilities in IBM Storwize V7000 Unified
Severity : Category I - VMSKEY : V0060983
2014-12-11IAVM : 2014-B-0162 - VMware vCenter Server 5.1 Certificate Validation Vulnerability
Severity : Category I - VMSKEY : V0057685
2014-12-11IAVM : 2014-B-0159 - VMware vCenter Server Appliance 5.1 Cross-site Scripting Vulnerability
Severity : Category II - VMSKEY : V0057687
2014-12-11IAVM : 2014-A-0191 - VMware vCenter Server 5.0 Certificate Validation Vulnerability
Severity : Category I - VMSKEY : V0057699
2014-12-11IAVM : 2014-B-0161 - Multiple Vulnerabilities in VMware ESXi 5.1
Severity : Category I - VMSKEY : V0057717
2014-05-29IAVM : 2014-B-0063 - Multiple Vulnerabilities in Apache Tomcat
Severity : Category I - VMSKEY : V0051613

Snort® IPS/IDS

DateDescription
2014-11-16http POST request smuggling attempt
RuleID : 31213 - Revision : 2 - Type : INDICATOR-COMPROMISE
2014-11-16http GET request smuggling attempt
RuleID : 31212 - Revision : 2 - Type : INDICATOR-COMPROMISE

Nessus® Vulnerability Scanner

DateDescription
2016-03-28Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3530.nasl - Type : ACT_GATHER_INFO
2016-01-19Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3447.nasl - Type : ACT_GATHER_INFO
2015-12-30Name : The remote VMware ESXi host is missing a security-related patch.
File : vmware_VMSA-2014-0012_remote.nasl - Type : ACT_GATHER_INFO
2015-06-26Name : The remote IBM Storwize device is affected by multiple vulnerabilities.
File : ibm_storwize_1_5_0_2.nasl - Type : ACT_GATHER_INFO
2015-05-18Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-526.nasl - Type : ACT_GATHER_INFO
2015-05-18Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-527.nasl - Type : ACT_GATHER_INFO
2015-03-30Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-084.nasl - Type : ACT_GATHER_INFO
2015-03-19Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-052.nasl - Type : ACT_GATHER_INFO
2015-03-19Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-053.nasl - Type : ACT_GATHER_INFO
2015-02-24Name : The remote Fedora host is missing a security update.
File : fedora_2015-2109.nasl - Type : ACT_GATHER_INFO
2015-01-19Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_tomcat_20140715.nasl - Type : ACT_GATHER_INFO
2014-12-15Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201412-29.nasl - Type : ACT_GATHER_INFO
2014-12-12Name : The remote VMware ESXi 5.1 host is affected by multiple vulnerabilities.
File : vmware_esxi_5_1_build_2323236_remote.nasl - Type : ACT_GATHER_INFO
2014-12-12Name : The remote host has a virtualization appliance installed that is affected by ...
File : vmware_vcenter_server_appliance_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-12-12Name : The remote host has an update manager installed that is affected by multiple ...
File : vmware_vcenter_update_mgr_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-12-12Name : The remote host has a virtualization management application installed that is...
File : vmware_vcenter_vmsa-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-12-06Name : The remote VMware ESXi host is missing a security-related patch.
File : vmware_VMSA-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-11-26Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2014-0012.nasl - Type : ACT_GATHER_INFO
2014-10-10Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL15432.nasl - Type : ACT_GATHER_INFO
2014-08-14Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_tomcat6-201407-140706.nasl - Type : ACT_GATHER_INFO
2014-07-31Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2302-1.nasl - Type : ACT_GATHER_INFO
2014-07-30Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0827.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_81fc1076128611e4bebd000c2980a9f3.nasl - Type : ACT_GATHER_INFO
2014-07-24Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0827.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0865.nasl - Type : ACT_GATHER_INFO
2014-07-10Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140709_tomcat6_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-07-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0834.nasl - Type : ACT_GATHER_INFO
2014-07-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0835.nasl - Type : ACT_GATHER_INFO
2014-07-08Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0843.nasl - Type : ACT_GATHER_INFO
2014-05-30Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_6_0_41.nasl - Type : ACT_GATHER_INFO
2014-05-30Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_7_0_53.nasl - Type : ACT_GATHER_INFO
2014-05-30Name : The remote Apache Tomcat server is affected by multiple vulnerabilities.
File : tomcat_8_0_5.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
BID http://www.securityfocus.com/bid/67668
BUGTRAQ http://www.securityfocus.com/archive/1/532218/100/0/threaded
http://www.securityfocus.com/archive/1/532221/100/0/threaded
http://www.securityfocus.com/archive/1/534161/100/0/threaded
CONFIRM http://advisories.mageia.org/MGASA-2014-0268.html
http://linux.oracle.com/errata/ELSA-2014-0865.html
http://svn.apache.org/viewvc?view=revision&revision=1578812
http://svn.apache.org/viewvc?view=revision&revision=1578814
http://svn.apache.org/viewvc?view=revision&revision=1580473
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www-01.ibm.com/support/docview.wss?uid=swg21678231
http://www-01.ibm.com/support/docview.wss?uid=swg21680603
http://www-01.ibm.com/support/docview.wss?uid=swg21681528
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
DEBIAN http://www.debian.org/security/2016/dsa-3447
http://www.debian.org/security/2016/dsa-3530
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2015-February/15028...
FULLDISC http://seclists.org/fulldisclosure/2014/Dec/23
http://seclists.org/fulldisclosure/2014/May/138
http://seclists.org/fulldisclosure/2014/May/140
HP http://marc.info/?l=bugtraq&m=141017844705317&w=2
http://marc.info/?l=bugtraq&m=141390017113542&w=2
http://marc.info/?l=bugtraq&m=144498216801440&w=2
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
MLIST https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930f...
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04cc...
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930...
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236...
REDHAT http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://rhn.redhat.com/errata/RHSA-2015-0765.html
SECTRACK http://www.securitytracker.com/id/1030302
SECUNIA http://secunia.com/advisories/59121

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
DateInformations
2019-04-15 21:18:58
  • Multiple Updates
2019-04-15 17:18:44
  • Multiple Updates
2019-03-25 17:18:58
  • Multiple Updates
2019-03-21 21:19:10
  • Multiple Updates
2018-10-10 00:19:46
  • Multiple Updates
2017-11-15 09:23:50
  • Multiple Updates
2017-03-25 12:00:54
  • Multiple Updates
2017-01-07 09:25:16
  • Multiple Updates
2016-12-08 09:23:29
  • Multiple Updates
2016-12-07 09:24:11
  • Multiple Updates
2016-10-26 09:22:41
  • Multiple Updates
2016-10-15 12:03:09
  • Multiple Updates
2016-08-23 09:24:48
  • Multiple Updates
2016-04-26 09:25:18
  • Multiple Updates
2016-03-29 13:21:00
  • Multiple Updates
2016-01-20 13:24:06
  • Multiple Updates
2015-10-18 17:22:23
  • Multiple Updates
2015-06-27 13:28:46
  • Multiple Updates
2015-05-19 13:27:44
  • Multiple Updates
2015-04-07 09:26:41
  • Multiple Updates
2015-04-02 09:25:43
  • Multiple Updates
2015-03-31 13:28:10
  • Multiple Updates
2015-03-28 09:25:44
  • Multiple Updates
2015-03-26 09:26:13
  • Multiple Updates
2015-03-21 00:25:23
  • Multiple Updates
2015-03-20 13:28:48
  • Multiple Updates
2015-03-20 00:25:15
  • Multiple Updates
2015-03-18 09:26:19
  • Multiple Updates
2015-03-06 00:22:57
  • Multiple Updates
2015-03-03 09:23:08
  • Multiple Updates
2015-02-25 13:24:05
  • Multiple Updates
2015-01-21 13:26:39
  • Multiple Updates
2014-12-16 17:23:50
  • Multiple Updates
2014-12-16 13:25:06
  • Multiple Updates
2014-12-12 09:22:56
  • Multiple Updates
2014-12-03 09:26:45
  • Multiple Updates
2014-11-16 21:24:45
  • Multiple Updates
2014-10-11 13:26:19
  • Multiple Updates
2014-10-10 13:27:07
  • Multiple Updates
2014-09-12 21:26:37
  • Multiple Updates
2014-09-04 13:25:05
  • Multiple Updates
2014-08-15 13:27:43
  • Multiple Updates
2014-08-01 13:24:54
  • Multiple Updates
2014-07-31 13:25:04
  • Multiple Updates
2014-07-25 13:21:38
  • Multiple Updates
2014-07-18 09:22:19
  • Multiple Updates
2014-07-17 09:22:06
  • Multiple Updates
2014-07-11 13:25:06
  • Multiple Updates
2014-07-09 13:25:35
  • Multiple Updates
2014-06-04 17:21:10
  • Multiple Updates
2014-06-03 00:21:02
  • Multiple Updates
2014-05-31 17:20:45
  • First insertion