Description

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Remediation

References

http://advisories.mageia.org/MGASA-2015-0081.html

http://archives.neohapsis.com/archives/bugtraq/2015-02/0067.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html

http://marc.info/?l=bugtraq&m=143393515412274&w=2

http://marc.info/?l=bugtraq&m=143393515412274&w=2

http://marc.info/?l=bugtraq&m=143403519711434&w=2

http://marc.info/?l=bugtraq&m=143403519711434&w=2

http://rhn.redhat.com/errata/RHSA-2015-0675.html

http://rhn.redhat.com/errata/RHSA-2015-0720.html

http://rhn.redhat.com/errata/RHSA-2015-0765.html

http://rhn.redhat.com/errata/RHSA-2015-0983.html

http://rhn.redhat.com/errata/RHSA-2015-0991.html

http://svn.apache.org/viewvc?view=revision&revision=1600984

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-7.html

http://tomcat.apache.org/security-8.html

http://www.debian.org/security/2016/dsa-3447

http://www.debian.org/security/2016/dsa-3530

http://www.mandriva.com/security/advisories?name=MDVSA-2015:052

http://www.mandriva.com/security/advisories?name=MDVSA-2015:053

http://www.mandriva.com/security/advisories?name=MDVSA-2015:084

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html

http://www.securityfocus.com/bid/72717

http://www.securitytracker.com/id/1032791

http://www.ubuntu.com/usn/USN-2654-1

http://www.ubuntu.com/usn/USN-2655-1

https://bugzilla.redhat.com/show_bug.cgi?id=1109196

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

https://source.jboss.org/changelog/JBossWeb?cs=2455

Related Vulnerabilities

CVE-2019-1003086 Vulnerability in maven package org.jenkins-ci.plugins:sinatra-chef-builder

CVE-2018-15685 Vulnerability in maven package org.webjars.npm:electron

CVE-2022-40635 Vulnerability in maven package org.craftercms:craftercms

CVE-2023-50721 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-ui

CVE-2020-2150 Vulnerability in maven package org.jenkins-ci.plugins:quality-gates

Severity

Critical

Classification

CWE-19

Tags

Vendor Advisory