Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-0099

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

Related bugs and status

CVE-2014-0099 (Candidate) is related to these bugs:

Bug #1373589: several CVE's for tomcat 6.0.39 in trusty

Summary				In	Importance	Status
	1373589	several CVE's for tomcat 6.0.39 in trusty		tomcat6 (Ubuntu)	Undecided	Expired

Bug #1449975: Outstanding low priority security bugs in the tomcat7 packages

Summary				In	Importance	Status
	1449975	Outstanding low priority security bugs in the tomcat7 packages		tomcat7 (Ubuntu)	Low	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://tomcat.apache.o...
CONFIRM: http://www-01.ibm.com/...
BID: 67668
SECUNIA: 59678
SECUNIA: 59835
SECUNIA: 59873
CONFIRM: http://linux.oracle.co...
CONFIRM: http://www.oracle.com/...
SECUNIA: 59732
SECUNIA: 59849
CONFIRM: http://www-01.ibm.com/...
CONFIRM: http://www-01.ibm.com/...
SECUNIA: 60729
SECUNIA: 60793
BUGTRAQ: 20140527 Re: [SECURITY...
FULLDISC: 20141205 NEW: VMSA-201...
CONFIRM: http://www.vmware.com/...
FEDORA: FEDORA-2015-2109
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:052
REDHAT: RHSA-2015:0675
MANDRIVA: MDVSA-2015:053
REDHAT: RHSA-2015:0720
MANDRIVA: MDVSA-2015:084
REDHAT: RHSA-2015:0765
DEBIAN: DSA-3530
CONFIRM: http://www.oracle.com/...
DEBIAN: DSA-3447
CONFIRM: https://h20564.www2.hp...
SECTRACK: 1030302
SECUNIA: 59121
CONFIRM: http://svn.apache.org/...
CONFIRM: http://svn.apache.org/...
CONFIRM: http://svn.apache.org/...
HP: HPSBUX03150
HP: HPSBOV03503
HP: HPSBUX03102
HP: SSRT101681
FULLDISC: 20140527 [SECURITY] R...
FULLDISC: 20140527 [SECURITY] CV...
BUGTRAQ: 20140527 [SECURITY] CV...
BUGTRAQ: 20141205 NEW: VMSA-201...
MLIST: [tomcat-dev] 20190319 ...
MLIST: [tomcat-dev] 20190325 ...
MLIST: [tomcat-dev] 20190413 ...
MLIST: [tomcat-dev] 20190415 ...
MLIST: [tomcat-dev] 20200203 ...
MLIST: [tomcat-dev] 20200213 ...