FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2014-0099

This CVE name corresponds to:

Entered Topic
2014-07-23 tomcat -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2014-0099
Phase Assigned (20131203)

Description

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

References

Source Reference
BUGTRAQ 20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure
BUGTRAQ 20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure
BUGTRAQ 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
FULLDISC 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
CONFIRM http://svn.apache.org/viewvc?view=revision&revision=1578812
CONFIRM http://svn.apache.org/viewvc?view=revision&revision=1578814
CONFIRM http://svn.apache.org/viewvc?view=revision&revision=1580473
CONFIRM http://tomcat.apache.org/security-6.html
CONFIRM http://tomcat.apache.org/security-7.html
CONFIRM http://tomcat.apache.org/security-8.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21678231
CONFIRM http://linux.oracle.com/errata/ELSA-2014-0865.html
CONFIRM http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21680603
CONFIRM http://www-01.ibm.com/support/docview.wss?uid=swg21681528
CONFIRM http://www.vmware.com/security/advisories/VMSA-2014-0012.html
CONFIRM http://advisories.mageia.org/MGASA-2014-0268.html
DEBIAN DSA-3530
FEDORA FEDORA-2015-2109
HP HPSBUX03150
MANDRIVA MDVSA-2015:052
MANDRIVA MDVSA-2015:053
MANDRIVA MDVSA-2015:084
REDHAT RHSA-2015:0675
REDHAT RHSA-2015:0720
REDHAT RHSA-2015:0765
BID 67668
SECUNIA 59678
SECUNIA 59835
SECUNIA 59873
SECUNIA 59732
SECUNIA 59849
SECUNIA 60729
SECUNIA 60793