CVE-2014-0099
Last modified
CVE-2014-0099 is a vulnerability of currently unknown severity. Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.. EPSS estimates a 8.84% chance of exploitation in the next 30 days.
Description
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Apache | Tomcat | <= 6.0.39 | — |
| Apache | Tomcat | 6 | — |
| Apache | Tomcat | 6.0 | — |
| Apache | Tomcat | 6.0.0 | — |
| Apache | Tomcat | 6.0.1 | — |
| Apache | Tomcat | 6.0.2 | — |
| Apache | Tomcat | 6.0.3 | — |
| Apache | Tomcat | 6.0.4 | — |
| Apache | Tomcat | 6.0.5 | — |
| Apache | Tomcat | 6.0.6 | — |
| Apache | Tomcat | 6.0.7 | — |
| Apache | Tomcat | 6.0.8 | — |
| Apache | Tomcat | 6.0.9 | — |
| Apache | Tomcat | 6.0.10 | — |
| Apache | Tomcat | 6.0.11 | — |
| Apache | Tomcat | 6.0.12 | — |
| Apache | Tomcat | 6.0.13 | — |
| Apache | Tomcat | 6.0.14 | — |
| Apache | Tomcat | 6.0.15 | — |
| Apache | Tomcat | 6.0.16 | — |
| Apache | Tomcat | 6.0.17 | — |
| Apache | Tomcat | 6.0.18 | — |
| Apache | Tomcat | 6.0.19 | — |
| Apache | Tomcat | 6.0.20 | — |
| Apache | Tomcat | 6.0.24 | — |
| Apache | Tomcat | 6.0.26 | — |
| Apache | Tomcat | 6.0.27 | — |
| Apache | Tomcat | 6.0.28 | — |
| Apache | Tomcat | 6.0.29 | — |
| Apache | Tomcat | 6.0.30 | — |
| Apache | Tomcat | 6.0.31 | — |
| Apache | Tomcat | 6.0.32 | — |
| Apache | Tomcat | 6.0.33 | — |
| Apache | Tomcat | 6.0.35 | — |
| Apache | Tomcat | 6.0.36 | — |
| Apache | Tomcat | 6.0.37 | — |
| Apache | Tomcat | 8.0.0 | Rc1 |
| Apache | Tomcat | 8.0.1 | — |
| Apache | Tomcat | 8.0.3 | — |
| Apache | Tomcat | 7.0.0 | — |
| Apache | Tomcat | 7.0.1 | — |
| Apache | Tomcat | 7.0.2 | — |
| Apache | Tomcat | 7.0.3 | — |
| Apache | Tomcat | 7.0.4 | — |
| Apache | Tomcat | 7.0.5 | — |
| Apache | Tomcat | 7.0.6 | — |
| Apache | Tomcat | 7.0.7 | — |
| Apache | Tomcat | 7.0.8 | — |
| Apache | Tomcat | 7.0.9 | — |
| Apache | Tomcat | 7.0.10 | — |
Showing 50 of 91 affected configurations. See NVD for the full list.
References
- http://tomcat.apache.org/security-6.htmlVendor Advisory
- http://tomcat.apache.org/security-7.htmlVendor Advisory
- http://tomcat.apache.org/security-8.htmlVendor Advisory
- http://tomcat.apache.org/security-6.htmlVendor Advisory
- http://tomcat.apache.org/security-7.htmlVendor Advisory
- http://tomcat.apache.org/security-8.htmlVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-0099?
How severe is CVE-2014-0099?
How do I fix CVE-2014-0099?
Are you affected by CVE-2014-0099?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST