CVE-2014-0186 - A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote att

CVE-2014-0186

Summary

A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression.

References

Vulnerable Configurations

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 13-02-2023 - 00:35)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1089884
title	CVE-2014-0186 tomcat7: RHEL-7 regression causing DoS

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment tomcat is earlier than 0:7.0.42-5.el7_0
oval oval:com.redhat.rhsa:tst:20140686001
comment tomcat is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140686002

AND

comment tomcat-admin-webapps is earlier than 0:7.0.42-5.el7_0
oval oval:com.redhat.rhsa:tst:20140686003
comment tomcat-admin-webapps is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140686004

AND

comment tomcat-docs-webapp is earlier than 0:7.0.42-5.el7_0
oval oval:com.redhat.rhsa:tst:20140686005
comment tomcat-docs-webapp is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140686006

AND

comment tomcat-el-2.2-api is earlier than 0:7.0.42-5.el7_0
oval oval:com.redhat.rhsa:tst:20140686007
comment tomcat-el-2.2-api is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140686008

AND

comment tomcat-javadoc is earlier than 0:7.0.42-5.el7_0
oval oval:com.redhat.rhsa:tst:20140686009
comment tomcat-javadoc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140686010

AND

comment tomcat-jsp-2.2-api is earlier than 0:7.0.42-5.el7_0
oval oval:com.redhat.rhsa:tst:20140686011
comment tomcat-jsp-2.2-api is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140686012

AND
comment tomcat-jsvc is earlier than 0:7.0.42-5.el7_0
oval oval:com.redhat.rhsa:tst:20140686013
comment tomcat-jsvc is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140686014
AND
comment tomcat-lib is earlier than 0:7.0.42-5.el7_0
oval oval:com.redhat.rhsa:tst:20140686015
comment tomcat-lib is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140686016

AND

comment tomcat-servlet-3.0-api is earlier than 0:7.0.42-5.el7_0
oval oval:com.redhat.rhsa:tst:20140686017
comment tomcat-servlet-3.0-api is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140686018

AND

comment tomcat-webapps is earlier than 0:7.0.42-5.el7_0
oval oval:com.redhat.rhsa:tst:20140686019
comment tomcat-webapps is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20140686020

rhsa

id	RHSA-2014:0686
released	2014-06-10
severity	Important
title	RHSA-2014:0686: tomcat security update (Important)

rpms

tomcat-0:7.0.42-5.el7_0
tomcat-admin-webapps-0:7.0.42-5.el7_0
tomcat-docs-webapp-0:7.0.42-5.el7_0
tomcat-el-2.2-api-0:7.0.42-5.el7_0
tomcat-javadoc-0:7.0.42-5.el7_0
tomcat-jsp-2.2-api-0:7.0.42-5.el7_0
tomcat-jsvc-0:7.0.42-5.el7_0
tomcat-lib-0:7.0.42-5.el7_0
tomcat-servlet-3.0-api-0:7.0.42-5.el7_0
tomcat-webapps-0:7.0.42-5.el7_0

refmap via4

confirm	https://bugzilla.redhat.com/show_bug.cgi?id=1089884
misc	https://security-tracker.debian.org/tracker/CVE-2014-0186
osvdb	108060

Last major update

13-02-2023 - 00:35

Published

14-06-2014 - 11:18

Last modified

13-02-2023 - 00:35