Description

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Remediation

References

http://tomcat.apache.org/security-7.html

https://bugzilla.redhat.com/show_bug.cgi?id=1109196

http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html

https://source.jboss.org/changelog/JBossWeb?cs=2455

http://tomcat.apache.org/security-6.html

http://svn.apache.org/viewvc?view=revision&revision=1600984

http://tomcat.apache.org/security-8.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html

http://rhn.redhat.com/errata/RHSA-2015-0675.html

http://www.securityfocus.com/bid/72717

http://www.mandriva.com/security/advisories?name=MDVSA-2015:052

http://advisories.mageia.org/MGASA-2015-0081.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:053

http://rhn.redhat.com/errata/RHSA-2015-0720.html

http://www.mandriva.com/security/advisories?name=MDVSA-2015:084

http://rhn.redhat.com/errata/RHSA-2015-0765.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.debian.org/security/2016/dsa-3530

http://marc.info/?l=bugtraq&m=143403519711434&w=2

http://marc.info/?l=bugtraq&m=143393515412274&w=2

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.debian.org/security/2016/dsa-3447

http://www.ubuntu.com/usn/USN-2655-1

http://rhn.redhat.com/errata/RHSA-2015-0991.html

http://rhn.redhat.com/errata/RHSA-2015-0983.html

http://www.securitytracker.com/id/1032791

http://www.ubuntu.com/usn/USN-2654-1

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

Related Vulnerabilities

CVE-2014-3527 Vulnerability in maven package org.springframework.security:spring-security-cas

CVE-2023-46244 Vulnerability in maven package org.xwiki.platform:xwiki-platform-display-api

CVE-2023-45819 Vulnerability in maven package org.webjars.npm:tinymce

CVE-2023-49652 Vulnerability in maven package org.jenkins-ci.plugins:google-compute-engine

CVE-2020-27822 Vulnerability in maven package io.opentracing.contrib:opentracing-interceptors

Severity

Critical

Classification

CWE-19

Tags

Vendor Advisory