Description

Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.

Remediation

References

CVE-2014-0230

Related Vulnerabilities

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3832)

osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-2019)

MongoDb Other Vulnerability (CVE-2013-2132)

Atlassian Confluence Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-22504)

WordPress Plugin ABC Test 'id' Parameter Cross-Site Scripting (0.1)

Severity

High

Classification

CVE-2014-0230

Tags

Missing Update Known Vulnerabilities