CVE-2014-0227

Public on 2015-02-16

Modified on 2015-05-14

Description

It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as new request, or cause a denial of service.

Severity

Medium

See what this means

CVSS v3 Base Score

4.3

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	tomcat6	2015-05-14 14:33	ALAS-2015-525
Amazon Linux 1	tomcat7	2015-05-14 14:38	ALAS-2015-526
Amazon Linux 1	tomcat8	2015-05-14 14:40	ALAS-2015-527

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv2	4.3	AV:N/AC:M/Au:N/C:N/I:P/A:N
NVD	CVSSv2	6.4	AV:N/AC:L/Au:N/C:N/I:P/A:P

References

Red Hat: CVE-2014-0227 Mitre: CVE-2014-0227 FAQs regarding Amazon Linux ALAS/CVE Severity