ID CVE-2014-0099
Summary Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:tomcat:6.0.39
    cpe:2.3:a:apache:tomcat:6.0.39
  • Apache Software Foundation Tomcat 6
    cpe:2.3:a:apache:tomcat:6
  • Apache Software Foundation Tomcat 6.0
    cpe:2.3:a:apache:tomcat:6.0
  • Apache Software Foundation Tomcat 6.0.0
    cpe:2.3:a:apache:tomcat:6.0.0
  • Apache Software Foundation Tomcat 6.0.0 alpha
    cpe:2.3:a:apache:tomcat:6.0.0:alpha
  • Apache Software Foundation Tomcat 6.0.1
    cpe:2.3:a:apache:tomcat:6.0.1
  • Apache Software Foundation Tomcat 6.0.1 alpha
    cpe:2.3:a:apache:tomcat:6.0.1:alpha
  • Apache Software Foundation Tomcat 6.0.10
    cpe:2.3:a:apache:tomcat:6.0.10
  • Apache Software Foundation Tomcat 6.0.11
    cpe:2.3:a:apache:tomcat:6.0.11
  • Apache Software Foundation Tomcat 6.0.12
    cpe:2.3:a:apache:tomcat:6.0.12
  • Apache Software Foundation Tomcat 6.0.13
    cpe:2.3:a:apache:tomcat:6.0.13
  • Apache Software Foundation Tomcat 6.0.14
    cpe:2.3:a:apache:tomcat:6.0.14
  • Apache Software Foundation Tomcat 6.0.15
    cpe:2.3:a:apache:tomcat:6.0.15
  • Apache Software Foundation Tomcat 6.0.16
    cpe:2.3:a:apache:tomcat:6.0.16
  • Apache Software Foundation Tomcat 6.0.17
    cpe:2.3:a:apache:tomcat:6.0.17
  • Apache Software Foundation Tomcat 6.0.18
    cpe:2.3:a:apache:tomcat:6.0.18
  • Apache Software Foundation Tomcat 6.0.19
    cpe:2.3:a:apache:tomcat:6.0.19
  • Apache Software Foundation Tomcat 6.0.2
    cpe:2.3:a:apache:tomcat:6.0.2
  • Apache Software Foundation Tomcat 6.0.2 alpha
    cpe:2.3:a:apache:tomcat:6.0.2:alpha
  • Apache Software Foundation Tomcat 6.0.2 beta
    cpe:2.3:a:apache:tomcat:6.0.2:beta
  • Apache Software Foundation Tomcat 6.0.20
    cpe:2.3:a:apache:tomcat:6.0.20
  • Apache Software Foundation Tomcat 6.0.24
    cpe:2.3:a:apache:tomcat:6.0.24
  • Apache Software Foundation Tomcat 6.0.26
    cpe:2.3:a:apache:tomcat:6.0.26
  • Apache Software Foundation Tomcat 6.0.27
    cpe:2.3:a:apache:tomcat:6.0.27
  • Apache Software Foundation Tomcat 6.0.28
    cpe:2.3:a:apache:tomcat:6.0.28
  • Apache Software Foundation Tomcat 6.0.29
    cpe:2.3:a:apache:tomcat:6.0.29
  • Apache Software Foundation Tomcat 6.0.3
    cpe:2.3:a:apache:tomcat:6.0.3
  • Apache Software Foundation Tomcat 6.0.30
    cpe:2.3:a:apache:tomcat:6.0.30
  • Apache Software Foundation Tomcat 6.0.31
    cpe:2.3:a:apache:tomcat:6.0.31
  • Apache Software Foundation Tomcat 6.0.32
    cpe:2.3:a:apache:tomcat:6.0.32
  • Apache Software Foundation Tomcat 6.0.33
    cpe:2.3:a:apache:tomcat:6.0.33
  • Apache Software Foundation Tomcat 6.0.35
    cpe:2.3:a:apache:tomcat:6.0.35
  • Apache Software Foundation Tomcat 6.0.36
    cpe:2.3:a:apache:tomcat:6.0.36
  • Apache Software Foundation Tomcat 6.0.37
    cpe:2.3:a:apache:tomcat:6.0.37
  • Apache Software Foundation Tomcat 6.0.4
    cpe:2.3:a:apache:tomcat:6.0.4
  • Apache Software Foundation Tomcat 6.0.4 alpha
    cpe:2.3:a:apache:tomcat:6.0.4:alpha
  • Apache Software Foundation Tomcat 6.0.5
    cpe:2.3:a:apache:tomcat:6.0.5
  • Apache Software Foundation Tomcat 6.0.6
    cpe:2.3:a:apache:tomcat:6.0.6
  • Apache Software Foundation Tomcat 6.0.6 alpha
    cpe:2.3:a:apache:tomcat:6.0.6:alpha
  • Apache Software Foundation Tomcat 6.0.7
    cpe:2.3:a:apache:tomcat:6.0.7
  • Apache Software Foundation Tomcat 6.0.7 alpha
    cpe:2.3:a:apache:tomcat:6.0.7:alpha
  • Apache Software Foundation Tomcat 6.0.7 beta
    cpe:2.3:a:apache:tomcat:6.0.7:beta
  • Apache Software Foundation Tomcat 6.0.8
    cpe:2.3:a:apache:tomcat:6.0.8
  • Apache Software Foundation Tomcat 6.0.8 alpha
    cpe:2.3:a:apache:tomcat:6.0.8:alpha
  • Apache Software Foundation Tomcat 6.0.9
    cpe:2.3:a:apache:tomcat:6.0.9
  • Apache Software Foundation Tomcat 6.0.9 beta
    cpe:2.3:a:apache:tomcat:6.0.9:beta
  • cpe:2.3:a:apache:tomcat:8.0.3
    cpe:2.3:a:apache:tomcat:8.0.3
  • Apache Software Foundation Tomcat 8.0.0 Release Candidate 1
    cpe:2.3:a:apache:tomcat:8.0.0:rc1
  • Apache Software Foundation Tomcat 8.0.0 release candidate 10
    cpe:2.3:a:apache:tomcat:8.0.0:rc10
  • Apache Software Foundation Tomcat 8.0.0 Release Candidate 2
    cpe:2.3:a:apache:tomcat:8.0.0:rc2
  • Apache Software Foundation Tomcat 8.0.0 release candidate 5
    cpe:2.3:a:apache:tomcat:8.0.0:rc5
  • Apache Software Foundation Tomcat 8.0.1
    cpe:2.3:a:apache:tomcat:8.0.1
  • cpe:2.3:a:apache:tomcat:7.0.52
    cpe:2.3:a:apache:tomcat:7.0.52
  • Apache Software Foundation Tomcat 7.0.0
    cpe:2.3:a:apache:tomcat:7.0.0
  • Apache Software Foundation Tomcat 7.0.0 beta
    cpe:2.3:a:apache:tomcat:7.0.0:beta
  • Apache Software Foundation Tomcat 7.0.1
    cpe:2.3:a:apache:tomcat:7.0.1
  • Apache Software Foundation Tomcat 7.0.10
    cpe:2.3:a:apache:tomcat:7.0.10
  • Apache Software Foundation Tomcat 7.0.11
    cpe:2.3:a:apache:tomcat:7.0.11
  • Apache Software Foundation Tomcat 7.0.12
    cpe:2.3:a:apache:tomcat:7.0.12
  • Apache Software Foundation Tomcat 7.0.13
    cpe:2.3:a:apache:tomcat:7.0.13
  • Apache Software Foundation Tomcat 7.0.14
    cpe:2.3:a:apache:tomcat:7.0.14
  • Apache Software Foundation Tomcat 7.0.15
    cpe:2.3:a:apache:tomcat:7.0.15
  • Apache Software Foundation Tomcat 7.0.16
    cpe:2.3:a:apache:tomcat:7.0.16
  • Apache Software Foundation Tomcat 7.0.17
    cpe:2.3:a:apache:tomcat:7.0.17
  • Apache Software Foundation Tomcat 7.0.18
    cpe:2.3:a:apache:tomcat:7.0.18
  • Apache Software Foundation Tomcat 7.0.19
    cpe:2.3:a:apache:tomcat:7.0.19
  • Apache Software Foundation Tomcat 7.0.2
    cpe:2.3:a:apache:tomcat:7.0.2
  • Apache Software Foundation Tomcat 7.0.2 beta
    cpe:2.3:a:apache:tomcat:7.0.2:beta
  • Apache Software Foundation Tomcat 7.0.20
    cpe:2.3:a:apache:tomcat:7.0.20
  • Apache Software Foundation Tomcat 7.0.21
    cpe:2.3:a:apache:tomcat:7.0.21
  • Apache Software Foundation Tomcat 7.0.22
    cpe:2.3:a:apache:tomcat:7.0.22
  • Apache Software Foundation Tomcat 7.0.23
    cpe:2.3:a:apache:tomcat:7.0.23
  • Apache Software Foundation Tomcat 7.0.24
    cpe:2.3:a:apache:tomcat:7.0.24
  • Apache Software Foundation Tomcat 7.0.25
    cpe:2.3:a:apache:tomcat:7.0.25
  • Apache Software Foundation Tomcat 7.0.26
    cpe:2.3:a:apache:tomcat:7.0.26
  • Apache Software Foundation Tomcat 7.0.27
    cpe:2.3:a:apache:tomcat:7.0.27
  • Apache Software Foundation Tomcat 7.0.28
    cpe:2.3:a:apache:tomcat:7.0.28
  • Apache Software Foundation Tomcat 7.0.29
    cpe:2.3:a:apache:tomcat:7.0.29
  • Apache Software Foundation Tomcat 7.0.3
    cpe:2.3:a:apache:tomcat:7.0.3
  • Apache Software Foundation Tomcat 7.0.30
    cpe:2.3:a:apache:tomcat:7.0.30
  • Apache Software Foundation Tomcat 7.0.31
    cpe:2.3:a:apache:tomcat:7.0.31
  • Apache Software Foundation Tomcat 7.0.32
    cpe:2.3:a:apache:tomcat:7.0.32
  • Apache Software Foundation Tomcat 7.0.33
    cpe:2.3:a:apache:tomcat:7.0.33
  • Apache Software Foundation Tomcat 7.0.34
    cpe:2.3:a:apache:tomcat:7.0.34
  • Apache Software Foundation Tomcat 7.0.35
    cpe:2.3:a:apache:tomcat:7.0.35
  • Apache Software Foundation Tomcat 7.0.36
    cpe:2.3:a:apache:tomcat:7.0.36
  • Apache Software Foundation Tomcat 7.0.37
    cpe:2.3:a:apache:tomcat:7.0.37
  • Apache Software Foundation Tomcat 7.0.38
    cpe:2.3:a:apache:tomcat:7.0.38
  • Apache Software Foundation Tomcat 7.0.39
    cpe:2.3:a:apache:tomcat:7.0.39
  • Apache Software Foundation Tomcat 7.0.4
    cpe:2.3:a:apache:tomcat:7.0.4
  • Apache Software Foundation Tomcat 7.0.4 beta
    cpe:2.3:a:apache:tomcat:7.0.4:beta
  • Apache Software Foundation Tomcat 7.0.40
    cpe:2.3:a:apache:tomcat:7.0.40
  • Apache Software Foundation Tomcat 7.0.41
    cpe:2.3:a:apache:tomcat:7.0.41
  • Apache Software Foundation Tomcat 7.0.42
    cpe:2.3:a:apache:tomcat:7.0.42
  • Apache Software Foundation Tomcat 7.0.43
    cpe:2.3:a:apache:tomcat:7.0.43
  • Apache Software Foundation Tomcat 7.0.44
    cpe:2.3:a:apache:tomcat:7.0.44
  • Apache Software Foundation Tomcat 7.0.45
    cpe:2.3:a:apache:tomcat:7.0.45
  • Apache Software Foundation Tomcat 7.0.46
    cpe:2.3:a:apache:tomcat:7.0.46
  • Apache Software Foundation Tomcat 7.0.47
    cpe:2.3:a:apache:tomcat:7.0.47
  • Apache Software Foundation Tomcat 7.0.48
    cpe:2.3:a:apache:tomcat:7.0.48
  • Apache Software Foundation Tomcat 7.0.49
    cpe:2.3:a:apache:tomcat:7.0.49
  • Apache Software Foundation Tomcat 7.0.5
    cpe:2.3:a:apache:tomcat:7.0.5
  • Apache Software Foundation Tomcat 7.0.50
    cpe:2.3:a:apache:tomcat:7.0.50
  • Apache Software Foundation Tomcat 7.0.6
    cpe:2.3:a:apache:tomcat:7.0.6
  • Apache Software Foundation Tomcat 7.0.7
    cpe:2.3:a:apache:tomcat:7.0.7
  • Apache Software Foundation Tomcat 7.0.8
    cpe:2.3:a:apache:tomcat:7.0.8
  • Apache Software Foundation Tomcat 7.0.9
    cpe:2.3:a:apache:tomcat:7.0.9
CVSS
Base: 4.3 (as of 28-06-2016 - 11:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
redhat via4
advisories
  • bugzilla
    id 1102030
    title CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment tomcat-el-2.2-api is earlier than 0:7.0.42-6.el7_0
          oval oval:com.redhat.rhsa:tst:20140827019
        • comment tomcat-el-2.2-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686024
      • AND
        • comment tomcat is earlier than 0:7.0.42-6.el7_0
          oval oval:com.redhat.rhsa:tst:20140827005
        • comment tomcat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686006
      • AND
        • comment tomcat-lib is earlier than 0:7.0.42-6.el7_0
          oval oval:com.redhat.rhsa:tst:20140827017
        • comment tomcat-lib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686010
      • AND
        • comment tomcat-jsp-2.2-api is earlier than 0:7.0.42-6.el7_0
          oval oval:com.redhat.rhsa:tst:20140827021
        • comment tomcat-jsp-2.2-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686018
      • AND
        • comment tomcat-docs-webapp is earlier than 0:7.0.42-6.el7_0
          oval oval:com.redhat.rhsa:tst:20140827007
        • comment tomcat-docs-webapp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686014
      • AND
        • comment tomcat-admin-webapps is earlier than 0:7.0.42-6.el7_0
          oval oval:com.redhat.rhsa:tst:20140827023
        • comment tomcat-admin-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686016
      • AND
        • comment tomcat-jsvc is earlier than 0:7.0.42-6.el7_0
          oval oval:com.redhat.rhsa:tst:20140827011
        • comment tomcat-jsvc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686022
      • AND
        • comment tomcat-webapps is earlier than 0:7.0.42-6.el7_0
          oval oval:com.redhat.rhsa:tst:20140827013
        • comment tomcat-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686008
      • AND
        • comment tomcat-servlet-3.0-api is earlier than 0:7.0.42-6.el7_0
          oval oval:com.redhat.rhsa:tst:20140827015
        • comment tomcat-servlet-3.0-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686020
      • AND
        • comment tomcat-javadoc is earlier than 0:7.0.42-6.el7_0
          oval oval:com.redhat.rhsa:tst:20140827009
        • comment tomcat-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686012
    rhsa
    id RHSA-2014:0827
    released 2014-07-02
    severity Moderate
    title RHSA-2014:0827: tomcat security update (Moderate)
  • bugzilla
    id 1102030
    title CVE-2014-0099 Tomcat/JBossWeb: Request smuggling via malicious content length header
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment tomcat6-lib is earlier than 0:6.0.24-72.el6_5
          oval oval:com.redhat.rhsa:tst:20140865021
        • comment tomcat6-lib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335018
      • AND
        • comment tomcat6-servlet-2.5-api is earlier than 0:6.0.24-72.el6_5
          oval oval:com.redhat.rhsa:tst:20140865015
        • comment tomcat6-servlet-2.5-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335010
      • AND
        • comment tomcat6-javadoc is earlier than 0:6.0.24-72.el6_5
          oval oval:com.redhat.rhsa:tst:20140865009
        • comment tomcat6-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335012
      • AND
        • comment tomcat6-docs-webapp is earlier than 0:6.0.24-72.el6_5
          oval oval:com.redhat.rhsa:tst:20140865013
        • comment tomcat6-docs-webapp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335020
      • AND
        • comment tomcat6 is earlier than 0:6.0.24-72.el6_5
          oval oval:com.redhat.rhsa:tst:20140865005
        • comment tomcat6 is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335006
      • AND
        • comment tomcat6-el-2.1-api is earlier than 0:6.0.24-72.el6_5
          oval oval:com.redhat.rhsa:tst:20140865019
        • comment tomcat6-el-2.1-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335024
      • AND
        • comment tomcat6-jsp-2.1-api is earlier than 0:6.0.24-72.el6_5
          oval oval:com.redhat.rhsa:tst:20140865017
        • comment tomcat6-jsp-2.1-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335008
      • AND
        • comment tomcat6-webapps is earlier than 0:6.0.24-72.el6_5
          oval oval:com.redhat.rhsa:tst:20140865007
        • comment tomcat6-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335014
      • AND
        • comment tomcat6-admin-webapps is earlier than 0:6.0.24-72.el6_5
          oval oval:com.redhat.rhsa:tst:20140865011
        • comment tomcat6-admin-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110335022
    rhsa
    id RHSA-2014:0865
    released 2014-07-09
    severity Moderate
    title RHSA-2014:0865: tomcat6 security and bug fix update (Moderate)
  • rhsa
    id RHSA-2015:0675
  • rhsa
    id RHSA-2015:0720
  • rhsa
    id RHSA-2015:0765
rpms
  • tomcat-el-2.2-api-0:7.0.42-6.el7_0
  • tomcat-0:7.0.42-6.el7_0
  • tomcat-lib-0:7.0.42-6.el7_0
  • tomcat-jsp-2.2-api-0:7.0.42-6.el7_0
  • tomcat-docs-webapp-0:7.0.42-6.el7_0
  • tomcat-admin-webapps-0:7.0.42-6.el7_0
  • tomcat-jsvc-0:7.0.42-6.el7_0
  • tomcat-webapps-0:7.0.42-6.el7_0
  • tomcat-servlet-3.0-api-0:7.0.42-6.el7_0
  • tomcat-javadoc-0:7.0.42-6.el7_0
  • tomcat6-lib-0:6.0.24-72.el6_5
  • tomcat6-servlet-2.5-api-0:6.0.24-72.el6_5
  • tomcat6-javadoc-0:6.0.24-72.el6_5
  • tomcat6-docs-webapp-0:6.0.24-72.el6_5
  • tomcat6-0:6.0.24-72.el6_5
  • tomcat6-el-2.1-api-0:6.0.24-72.el6_5
  • tomcat6-jsp-2.1-api-0:6.0.24-72.el6_5
  • tomcat6-webapps-0:6.0.24-72.el6_5
  • tomcat6-admin-webapps-0:6.0.24-72.el6_5
refmap via4
bid 67668
bugtraq
  • 20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure
  • 20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure
  • 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
confirm
debian
  • DSA-3447
  • DSA-3530
fedora FEDORA-2015-2109
fulldisc 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
hp
  • HPSBOV03503
  • HPSBUX03102
  • HPSBUX03150
  • SSRT101681
mandriva
  • MDVSA-2015:052
  • MDVSA-2015:053
  • MDVSA-2015:084
sectrack 1030302
secunia
  • 59121
  • 59678
  • 59732
  • 59835
  • 59849
  • 59873
  • 60729
  • 60793
Last major update 06-01-2017 - 21:59
Published 31-05-2014 - 07:17
Back to Top