PublicDateAtUSN: 2014-05-31
Candidate: CVE-2014-0075
PublicDate: 2014-05-31 11:17:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075
 https://ubuntu.com/security/notices/USN-2302-1
Description:
 Integer overflow in the parseChunkHeader function in
 java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache
 Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows
 remote attackers to cause a denial of service (resource consumption) via
 a malformed chunk size in chunked transfer coding of a request during the
 streaming of data.
Ubuntu-Description:
 David Jorm discovered that Tomcat incorrectly handled certain requests
 submitted using chunked transfer encoding. A remote attacker could use
 this flaw to cause the Tomcat server to consume resources, resulting in a
 denial of service.
Notes:
Bugs:
Priority: medium
Discovered-by: David Jorm
Assigned-to: mdeslaur
CVSS:

Patches_tomcat6:
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1579262
upstream_tomcat6: released (6.0.41-1)
lucid_tomcat6: released (6.0.24-2ubuntu1.16)
precise_tomcat6: released (6.0.35-1ubuntu3.5)
precise/esm_tomcat6: released (6.0.35-1ubuntu3.5)
saucy_tomcat6: ignored (reached end-of-life)
trusty_tomcat6: released (6.0.39-1ubuntu0.1)
trusty/esm_tomcat6: released (6.0.39-1ubuntu0.1)
utopic_tomcat6: not-affected (6.0.41-1)
vivid_tomcat6: not-affected (6.0.41-1)
vivid/stable-phone-overlay_tomcat6: DNE
vivid/ubuntu-core_tomcat6: DNE
wily_tomcat6: not-affected (6.0.41-1)
xenial_tomcat6: not-affected (6.0.41-1)
yakkety_tomcat6: DNE
zesty_tomcat6: DNE
artful_tomcat6: DNE
bionic_tomcat6: DNE
devel_tomcat6: DNE

Patches_tomcat7:
 upstream: http://svn.apache.org/viewvc?view=revision&revision=1578341
upstream_tomcat7: released (7.0.53-1)
lucid_tomcat7: DNE
precise_tomcat7: ignored (reached end-of-life)
precise/esm_tomcat7: DNE (precise was needed)
saucy_tomcat7: ignored (reached end-of-life)
trusty_tomcat7: released (7.0.52-1ubuntu0.1)
trusty/esm_tomcat7: released (7.0.52-1ubuntu0.1)
utopic_tomcat7: not-affected (7.0.53-1)
vivid_tomcat7: not-affected (7.0.53-1)
vivid/stable-phone-overlay_tomcat7: DNE
vivid/ubuntu-core_tomcat7: DNE
wily_tomcat7: not-affected (7.0.53-1)
xenial_tomcat7: not-affected (7.0.53-1)
yakkety_tomcat7: not-affected (7.0.53-1)
zesty_tomcat7: not-affected (7.0.53-1)
artful_tomcat7: not-affected (7.0.53-1)
bionic_tomcat7: not-affected (7.0.53-1)
devel_tomcat7: not-affected (7.0.53-1)

Patches_tomcat8:
upstream_tomcat8: released (8.0.5-1)
lucid_tomcat8: DNE
precise_tomcat8: DNE
precise/esm_tomcat8: DNE
saucy_tomcat8: DNE
trusty_tomcat8: DNE
trusty/esm_tomcat8: DNE
utopic_tomcat8: not-affected (8.0.9-1)
vivid_tomcat8: not-affected (8.0.9-1)
vivid/stable-phone-overlay_tomcat8: DNE
vivid/ubuntu-core_tomcat8: DNE
wily_tomcat8: not-affected (8.0.9-1)
xenial_tomcat8: not-affected (8.0.9-1)
esm-infra/xenial_tomcat8: not-affected (8.0.9-1)
yakkety_tomcat8: not-affected (8.0.9-1)
zesty_tomcat8: not-affected (8.0.9-1)
artful_tomcat8: not-affected (8.0.9-1)
bionic_tomcat8: not-affected (8.0.9-1)
devel_tomcat8: not-affected (8.0.9-1)