Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache Tomcat Numeric Errors Vulnerability (CVE-2014-0075)

Description

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

Remediation

References

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33944)

XWiki Improper Handling of Insufficient Privileges Vulnerability (CVE-2024-21648)

Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-25983)

Oracle Application Server Other Vulnerability (CVE-2007-3859)

phpMyFAQ Authentication Bypass by Capture-replay Vulnerability (CVE-2023-1886)

Severity

Medium

Classification

CVE-2014-0075

Tags

Missing Update Known Vulnerabilities