Back to search
CVE-2014-0099
Published: May 31, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://advisories.mageia.org/MGASA-2014-0268.html
x_refsource_CONFIRM
59121
third-party-advisory
x_refsource_SECUNIA
RHSA-2015:0765
vendor-advisory
x_refsource_REDHAT
59732
third-party-advisory
x_refsource_SECUNIA
59835
third-party-advisory
x_refsource_SECUNIA
20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure
mailing-list
x_refsource_BUGTRAQ
RHSA-2015:0675
vendor-advisory
x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21681528
x_refsource_CONFIRM
MDVSA-2015:052
vendor-advisory
x_refsource_MANDRIVA
RHSA-2015:0720
vendor-advisory
x_refsource_REDHAT
20140527 [SECURITY] Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure
mailing-list
x_refsource_FULLDISC
59849
third-party-advisory
x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-0865.html
x_refsource_CONFIRM
67668
vdb-entry
x_refsource_BID
MDVSA-2015:084
vendor-advisory
x_refsource_MANDRIVA
DSA-3530
vendor-advisory
x_refsource_DEBIAN
59678
third-party-advisory
x_refsource_SECUNIA
HPSBUX03102
vendor-advisory
x_refsource_HP
20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure
mailing-list
x_refsource_BUGTRAQ
http://tomcat.apache.org/security-7.html
x_refsource_CONFIRM
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
mailing-list
x_refsource_BUGTRAQ
MDVSA-2015:053
vendor-advisory
x_refsource_MANDRIVA
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
x_refsource_CONFIRM
HPSBUX03150
vendor-advisory
x_refsource_HP
FEDORA-2015-2109
vendor-advisory
x_refsource_FEDORA
http://tomcat.apache.org/security-8.html
x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678231
x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
x_refsource_CONFIRM
59873
third-party-advisory
x_refsource_SECUNIA
http://svn.apache.org/viewvc?view=revision&revision=1578814
x_refsource_CONFIRM
20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
mailing-list
x_refsource_FULLDISC
1030302
vdb-entry
x_refsource_SECTRACK
HPSBOV03503
vendor-advisory
x_refsource_HP
SSRT101681
vendor-advisory
x_refsource_HP
http://svn.apache.org/viewvc?view=revision&revision=1578812
x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1580473
x_refsource_CONFIRM
DSA-3447
vendor-advisory
x_refsource_DEBIAN
60729
third-party-advisory
x_refsource_SECUNIA
60793
third-party-advisory
x_refsource_SECUNIA
20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure
mailing-list
x_refsource_FULLDISC
http://www-01.ibm.com/support/docview.wss?uid=swg21680603
x_refsource_CONFIRM
[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now