Description
java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
Remediation
Upgrade to one of the fixed releases named in the description: Apache Tomcat 6.0.42, 7.0.55 or 8.0.9, or a later release in the same branch. Vendor-packaged builds are covered by the distribution advisories listed under References.
References
http://tomcat.apache.org/security-7.html
https://bugzilla.redhat.com/show_bug.cgi?id=1109196
http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html
https://source.jboss.org/changelog/JBossWeb?cs=2455
http://tomcat.apache.org/security-6.html
http://svn.apache.org/viewvc?view=revision&revision=1600984
http://tomcat.apache.org/security-8.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html
http://rhn.redhat.com/errata/RHSA-2015-0675.html
http://www.securityfocus.com/bid/72717
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
http://advisories.mageia.org/MGASA-2015-0081.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
http://rhn.redhat.com/errata/RHSA-2015-0720.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
http://rhn.redhat.com/errata/RHSA-2015-0765.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.debian.org/security/2016/dsa-3530
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143393515412274&w=2
http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.debian.org/security/2016/dsa-3447
http://www.ubuntu.com/usn/USN-2655-1
http://rhn.redhat.com/errata/RHSA-2015-0991.html
http://rhn.redhat.com/errata/RHSA-2015-0983.html
http://www.securitytracker.com/id/1032791
http://www.ubuntu.com/usn/USN-2654-1
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
Related Vulnerabilities
CVE-2019-10087 Vulnerability in maven package org.apache.jspwiki:jspwiki-war
CVE-2022-39975 Vulnerability in maven package com.liferay.portal:release.portal.bom
CVE-2022-45388 Vulnerability in maven package net.praqma:config-rotator
CVE-2018-14658 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2018-1000862 Vulnerability in maven package org.jenkins-ci.main:jenkins-core