ID CVE-2014-0186
Summary A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 16-06-2014 - 14:52)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: NONE
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1089884
title CVE-2014-0186 tomcat7: RHEL-7 regression causing DoS
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment tomcat is earlier than 0:7.0.42-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140686001
        • comment tomcat is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686002
      • AND
        • comment tomcat-admin-webapps is earlier than 0:7.0.42-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140686003
        • comment tomcat-admin-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686004
      • AND
        • comment tomcat-docs-webapp is earlier than 0:7.0.42-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140686005
        • comment tomcat-docs-webapp is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686006
      • AND
        • comment tomcat-el-2.2-api is earlier than 0:7.0.42-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140686007
        • comment tomcat-el-2.2-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686008
      • AND
        • comment tomcat-javadoc is earlier than 0:7.0.42-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140686009
        • comment tomcat-javadoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686010
      • AND
        • comment tomcat-jsp-2.2-api is earlier than 0:7.0.42-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140686011
        • comment tomcat-jsp-2.2-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686012
      • AND
        • comment tomcat-jsvc is earlier than 0:7.0.42-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140686013
        • comment tomcat-jsvc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686014
      • AND
        • comment tomcat-lib is earlier than 0:7.0.42-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140686015
        • comment tomcat-lib is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686016
      • AND
        • comment tomcat-servlet-3.0-api is earlier than 0:7.0.42-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140686017
        • comment tomcat-servlet-3.0-api is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686018
      • AND
        • comment tomcat-webapps is earlier than 0:7.0.42-5.el7_0
          oval oval:com.redhat.rhsa:tst:20140686019
        • comment tomcat-webapps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140686020
rhsa
id RHSA-2014:0686
released 2014-06-10
severity Important
title RHSA-2014:0686: tomcat security update (Important)
rpms
  • tomcat-admin-webapps-0:7.0.42-5.el7_0
  • tomcat-docs-webapp-0:7.0.42-5.el7_0
  • tomcat-el-2.2-api-0:7.0.42-5.el7_0
  • tomcat-javadoc-0:7.0.42-5.el7_0
  • tomcat-jsp-2.2-api-0:7.0.42-5.el7_0
  • tomcat-jsvc-0:7.0.42-5.el7_0
  • tomcat-lib-0:7.0.42-5.el7_0
  • tomcat-servlet-3.0-api-0:7.0.42-5.el7_0
  • tomcat-webapps-0:7.0.42-5.el7_0
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1089884
misc https://security-tracker.debian.org/tracker/CVE-2014-0186
osvdb 108060
Last major update 16-06-2014 - 14:52
Published 14-06-2014 - 11:18
Last modified 16-06-2014 - 14:52