csaf_redhat - rhsa-2014

rhsa-2014_0843

Vulnerability from csaf_redhat

Published

2014-07-07 14:49

Modified

2024-09-15 21:33

Summary

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.4 security update

Notes

Topic

Updated Red Hat JBoss Enterprise Application Platform 6.2.4 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Details

Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was discovered that JBoss Web did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web by streaming an unlimited quantity of data, leading to excessive consumption of server resources. (CVE-2014-0075) It was found that JBoss Web did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web server located behind a reverse proxy that processed the content length header correctly. (CVE-2014-0099) It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information. (CVE-2014-0096) It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web instance. (CVE-2014-0119) The CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product Security. All users of Red Hat JBoss Enterprise Application Platform 6.2.4 on Red Hat Enterprise Linux 5 and 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Red Hat JBoss Enterprise Application Platform 6.2.4 packages that\nfix multiple security issues are now available for Red Hat Enterprise Linux\n5 and 6.\n\nThe Red Hat Security Response Team has rated this update as having Moderate\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Enterprise Application Platform 6 is a platform for Java\napplications based on JBoss Application Server 7.\n\nIt was discovered that JBoss Web did not limit the length of chunk sizes\nwhen using chunked transfer encoding. A remote attacker could use this flaw\nto perform a denial of service attack against JBoss Web by streaming an\nunlimited quantity of data, leading to excessive consumption of server\nresources. (CVE-2014-0075)\n\nIt was found that JBoss Web did not check for overflowing values when\nparsing request content length headers. A remote attacker could use this\nflaw to perform an HTTP request smuggling attack on a JBoss Web server\nlocated behind a reverse proxy that processed the content length header\ncorrectly. (CVE-2014-0099)\n\nIt was found that the org.apache.catalina.servlets.DefaultServlet\nimplementation in JBoss Web allowed the definition of XML External Entities\n(XXEs) in provided XSLTs. A malicious application could use this to\ncircumvent intended security restrictions to disclose sensitive\ninformation. (CVE-2014-0096)\n\nIt was found that, in certain circumstances, it was possible for a\nmalicious web application to replace the XML parsers used by JBoss Web to\nprocess XSLTs for the default servlet, JSP documents, tag library\ndescriptors (TLDs), and tag plug-in configuration files. The injected XML\nparser(s) could then bypass the limits imposed on XML external entities\nand/or gain access to the XML files processed for other web applications\ndeployed on the same JBoss Web instance. (CVE-2014-0119)\n\nThe CVE-2014-0075 issue was discovered by David Jorm of Red Hat Product\nSecurity.\n\nAll users of Red Hat JBoss Enterprise Application Platform 6.2.4 on Red Hat\nEnterprise Linux 5 and 6 are advised to upgrade to these updated packages.\nThe JBoss server process must be restarted for the update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2014:0843",
        "url": "https://access.redhat.com/errata/RHSA-2014:0843"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1072776",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072776"
      },
      {
        "category": "external",
        "summary": "1088342",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088342"
      },
      {
        "category": "external",
        "summary": "1102030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102030"
      },
      {
        "category": "external",
        "summary": "1102038",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102038"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2014/rhsa-2014_0843.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.2.4 security update",
    "tracking": {
      "current_release_date": "2024-09-15T21:33:22+00:00",
      "generator": {
        "date": "2024-09-15T21:33:22+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2014:0843",
      "initial_release_date": "2014-07-07T14:49:49+00:00",
      "revision_history": [
        {
          "date": "2014-07-07T14:49:49+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2014-07-07T14:49:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-15T21:33:22+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server",
                  "product_id": "6Server-JBEAP-6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server",
                  "product_id": "5Server-JBEAP-6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Enterprise Application Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
                "product": {
                  "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
                  "product_id": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.3.2-4.Final_redhat_3.1.ep6.el6?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
                "product": {
                  "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
                  "product_id": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.3.2-4.Final_redhat_3.1.ep6.el5?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src",
                "product": {
                  "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src",
                  "product_id": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.3.2-4.Final_redhat_3.1.ep6.el6?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
                "product": {
                  "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
                  "product_id": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jbossweb@7.3.2-4.Final_redhat_3.1.ep6.el5?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch"
        },
        "product_reference": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
        "relates_to_product_reference": "5Server-JBEAP-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src as a component of Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5 Server",
          "product_id": "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src"
        },
        "product_reference": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
        "relates_to_product_reference": "5Server-JBEAP-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch as a component of Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch"
        },
        "product_reference": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
        "relates_to_product_reference": "6Server-JBEAP-6.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src as a component of Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6 Server",
          "product_id": "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
        },
        "product_reference": "jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src",
        "relates_to_product_reference": "6Server-JBEAP-6.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "David Jorm"
          ],
          "organization": "Red Hat Product Security",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2014-0075",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2014-02-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1072776"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was discovered that JBoss Web / Apache Tomcat did not limit the length of chunk sizes when using chunked transfer encoding. A remote attacker could use this flaw to perform a denial of service attack against JBoss Web / Apache Tomcat by streaming an unlimited quantity of data, leading to excessive consumption of server resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for  Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
          "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
          "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
          "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0075"
        },
        {
          "category": "external",
          "summary": "RHBZ#1072776",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1072776"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0075"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0075",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0075"
        }
      ],
      "release_date": "2014-05-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0843"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "products": [
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Tomcat/JBossWeb: Limited DoS in chunked transfer encoding input filter"
    },
    {
      "cve": "CVE-2014-0096",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2014-04-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1088342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that the org.apache.catalina.servlets.DefaultServlet implementation in JBoss Web / Apache Tomcat allowed the definition of XML External Entities (XXEs) in provided XSLTs. A malicious application could use this to circumvent intended security restrictions to disclose sensitive information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Low security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for  Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
          "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
          "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
          "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0096"
        },
        {
          "category": "external",
          "summary": "RHBZ#1088342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1088342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0096",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0096"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0096",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0096"
        }
      ],
      "release_date": "2014-05-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0843"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Tomcat/JBossWeb: XXE vulnerability via user supplied XSLTs"
    },
    {
      "cve": "CVE-2014-0099",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2014-05-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1102030"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that JBoss Web / Apache Tomcat did not check for overflowing values when parsing request content length headers. A remote attacker could use this flaw to perform an HTTP request smuggling attack on a JBoss Web / Apache Tomcat server located behind a reverse proxy that processed the content length header correctly.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Tomcat/JBossWeb: Request smuggling via malicious content length header",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue does affect JBossWeb as shipped in Red Hat JBoss Enterprise Application Platform 5. Red Hat Product Security has rated this issue as having Moderate security impact. Red Hat JBoss Enterprise Application Platform 5 is currently in reduced support phase (Phase 2: Maintenance Support), receiving only Critical and Important security updates, hence this issue is not currently planned to be addressed in future updates for  Red Hat Enterprise Application Platform 5. For additional information, refer to the Red Hat JBoss Middleware and Red Hat JBoss Operations Network Product Update and Support Policy: https://access.redhat.com/support/policy/updates/jboss_notes/ and the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
          "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
          "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
          "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0099"
        },
        {
          "category": "external",
          "summary": "RHBZ#1102030",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102030"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0099",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0099"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0099",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0099"
        }
      ],
      "release_date": "2014-05-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0843"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Tomcat/JBossWeb: Request smuggling via malicious content length header"
    },
    {
      "cve": "CVE-2014-0119",
      "cwe": {
        "id": "CWE-470",
        "name": "Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027)"
      },
      "discovery_date": "2014-05-27T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1102038"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that, in certain circumstances, it was possible for a malicious web application to replace the XML parsers used by JBoss Web / Apache Tomcat to process XSLTs for the default servlet, JSP documents, tag library descriptors (TLDs), and tag plug-in configuration files. The injected XML parser(s) could then bypass the limits imposed on XML external entities and/or gain access to the XML files processed for other web applications deployed on the same JBoss Web / Apache Tomcat instance.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Tomcat/JBossWeb: XML parser hijack by malicious web application",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
          "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
          "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
          "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2014-0119"
        },
        {
          "category": "external",
          "summary": "RHBZ#1102038",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1102038"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2014-0119",
          "url": "https://www.cve.org/CVERecord?id=CVE-2014-0119"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2014-0119",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0119"
        }
      ],
      "release_date": "2014-05-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied. Also, back up any customized Red\nHat JBoss Enterprise Application Platform 6 configuration files. On update,\nthe configuration files that have been locally modified will not be\nupdated. The updated version of such files will be stored as the rpmnew\nfiles. Make sure to locate any such files after the update and merge any\nchanges manually.\n\nThis update is available via the Red Hat Network. Details on how to use the\nRed Hat Network to apply this update are available at\nhttps://access.redhat.com/site/articles/11258",
          "product_ids": [
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2014:0843"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.noarch",
            "5Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el5.src",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.noarch",
            "6Server-JBEAP-6.2:jbossweb-0:7.3.2-4.Final_redhat_3.1.ep6.el6.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "Tomcat/JBossWeb: XML parser hijack by malicious web application"
    }
  ]
}

cve-2014-0075

Vulnerability from cvelistv5

Published

2014-05-31 10:00

Modified

2024-08-06 09:05

Severity

Summary

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.

References

URL	Tags
http://svn.apache.org/viewvc?view=revision&revision=1578337	x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0268.html	x_refsource_CONFIRM
http://www.novell.com/support/kb/doc.php?id=7010166	x_refsource_CONFIRM
http://secunia.com/advisories/59121	third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2015-0765.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/59732	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59835	third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2015-0675.html	vendor-advisory, x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21681528	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052	vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2015-0720.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/59849	third-party-advisory, x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-0865.html	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084	vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2016/dsa-3530	vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/59678	third-party-advisory, x_refsource_SECUNIA
http://svn.apache.org/viewvc?view=revision&revision=1578341	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141017844705317&w=2	vendor-advisory, x_refsource_HP
http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534161/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://svn.apache.org/viewvc?view=revision&revision=1579262	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:053	vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141390017113542&w=2	vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html	vendor-advisory, x_refsource_FEDORA
http://www.securityfocus.com/bid/67671	vdb-entry, x_refsource_BID
http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678231	x_refsource_CONFIRM
http://secunia.com/advisories/59616	third-party-advisory, x_refsource_SECUNIA
http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	x_refsource_CONFIRM
http://secunia.com/advisories/59873	third-party-advisory, x_refsource_SECUNIA
http://seclists.org/fulldisclosure/2014/Dec/23	mailing-list, x_refsource_FULLDISC
http://marc.info/?l=bugtraq&m=144498216801440&w=2	vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=141017844705317&w=2	vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3447	vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/60729	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60793	third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21680603	x_refsource_CONFIRM
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:38.500Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578337"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/kb/doc.php?id=7010166"
          },
          {
            "name": "59121",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59121"
          },
          {
            "name": "RHSA-2015:0765",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
          },
          {
            "name": "59732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59732"
          },
          {
            "name": "59835",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59835"
          },
          {
            "name": "RHSA-2015:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
          },
          {
            "name": "MDVSA-2015:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
          },
          {
            "name": "RHSA-2015:0720",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
          },
          {
            "name": "59849",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59849"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
          },
          {
            "name": "MDVSA-2015:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
          },
          {
            "name": "DSA-3530",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3530"
          },
          {
            "name": "59678",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59678"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578341"
          },
          {
            "name": "HPSBUX03102",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-7.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1579262"
          },
          {
            "name": "MDVSA-2015:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "HPSBUX03150",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
          },
          {
            "name": "FEDORA-2015-2109",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
          },
          {
            "name": "67671",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67671"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-8.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
          },
          {
            "name": "59616",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59616"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "59873",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59873"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "HPSBOV03503",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
          },
          {
            "name": "SSRT101681",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "name": "DSA-3447",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3447"
          },
          {
            "name": "60729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60729"
          },
          {
            "name": "60793",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60793"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:10:10",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578337"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/kb/doc.php?id=7010166"
        },
        {
          "name": "59121",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59121"
        },
        {
          "name": "RHSA-2015:0765",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
        },
        {
          "name": "59732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59732"
        },
        {
          "name": "59835",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59835"
        },
        {
          "name": "RHSA-2015:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
        },
        {
          "name": "MDVSA-2015:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
        },
        {
          "name": "RHSA-2015:0720",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
        },
        {
          "name": "59849",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59849"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
        },
        {
          "name": "MDVSA-2015:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
        },
        {
          "name": "DSA-3530",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3530"
        },
        {
          "name": "59678",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59678"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578341"
        },
        {
          "name": "HPSBUX03102",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-7.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1579262"
        },
        {
          "name": "MDVSA-2015:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "HPSBUX03150",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
        },
        {
          "name": "FEDORA-2015-2109",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
        },
        {
          "name": "67671",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67671"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-8.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
        },
        {
          "name": "59616",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59616"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "name": "59873",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59873"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "HPSBOV03503",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
        },
        {
          "name": "SSRT101681",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "name": "DSA-3447",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3447"
        },
        {
          "name": "60729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60729"
        },
        {
          "name": "60793",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60793"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0075",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578337",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578337"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0268.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
            },
            {
              "name": "http://www.novell.com/support/kb/doc.php?id=7010166",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/kb/doc.php?id=7010166"
            },
            {
              "name": "59121",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59121"
            },
            {
              "name": "RHSA-2015:0765",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
            },
            {
              "name": "59732",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59732"
            },
            {
              "name": "59835",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59835"
            },
            {
              "name": "RHSA-2015:0675",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
            },
            {
              "name": "MDVSA-2015:052",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
            },
            {
              "name": "RHSA-2015:0720",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
            },
            {
              "name": "59849",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59849"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-0865.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
            },
            {
              "name": "MDVSA-2015:084",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
            },
            {
              "name": "DSA-3530",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3530"
            },
            {
              "name": "59678",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59678"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578341",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578341"
            },
            {
              "name": "HPSBUX03102",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "http://tomcat.apache.org/security-7.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-7.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1579262",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1579262"
            },
            {
              "name": "MDVSA-2015:053",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "HPSBUX03150",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
            },
            {
              "name": "FEDORA-2015-2109",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
            },
            {
              "name": "67671",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67671"
            },
            {
              "name": "http://tomcat.apache.org/security-8.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-8.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
            },
            {
              "name": "59616",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59616"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "59873",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59873"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "HPSBOV03503",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
            },
            {
              "name": "SSRT101681",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "DSA-3447",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3447"
            },
            {
              "name": "60729",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60729"
            },
            {
              "name": "60793",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60793"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0075",
    "datePublished": "2014-05-31T10:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:38.500Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0096

Vulnerability from cvelistv5

Published

2014-05-31 10:00

Modified

2024-08-06 09:05

Severity

Summary

java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

URL	Tags
http://advisories.mageia.org/MGASA-2014-0268.html	x_refsource_CONFIRM
http://www.novell.com/support/kb/doc.php?id=7010166	x_refsource_CONFIRM
http://www.securityfocus.com/bid/67667	vdb-entry, x_refsource_BID
http://secunia.com/advisories/59121	third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2015-0765.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/59732	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59835	third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2015-0675.html	vendor-advisory, x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21681528	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052	vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2015-0720.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/59849	third-party-advisory, x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-0865.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1578637	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084	vendor-advisory, x_refsource_MANDRIVA
http://www.securitytracker.com/id/1030301	vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2016/dsa-3530	vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/59678	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141017844705317&w=2	vendor-advisory, x_refsource_HP
http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534161/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=MDVSA-2015:053	vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html	vendor-advisory, x_refsource_FEDORA
http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678231	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1585853	x_refsource_CONFIRM
http://secunia.com/advisories/59616	third-party-advisory, x_refsource_SECUNIA
http://seclists.org/fulldisclosure/2014/May/135	mailing-list, x_refsource_FULLDISC
http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1578655	x_refsource_CONFIRM
http://secunia.com/advisories/59873	third-party-advisory, x_refsource_SECUNIA
http://seclists.org/fulldisclosure/2014/Dec/23	mailing-list, x_refsource_FULLDISC
http://marc.info/?l=bugtraq&m=144498216801440&w=2	vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=141017844705317&w=2	vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1578610	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1578611	x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3552	vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/60729	third-party-advisory, x_refsource_SECUNIA
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:38.741Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/kb/doc.php?id=7010166"
          },
          {
            "name": "67667",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67667"
          },
          {
            "name": "59121",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59121"
          },
          {
            "name": "RHSA-2015:0765",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
          },
          {
            "name": "59732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59732"
          },
          {
            "name": "59835",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59835"
          },
          {
            "name": "RHSA-2015:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
          },
          {
            "name": "MDVSA-2015:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
          },
          {
            "name": "RHSA-2015:0720",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
          },
          {
            "name": "59849",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59849"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578637"
          },
          {
            "name": "MDVSA-2015:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
          },
          {
            "name": "1030301",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030301"
          },
          {
            "name": "DSA-3530",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3530"
          },
          {
            "name": "59678",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59678"
          },
          {
            "name": "HPSBUX03102",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-7.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "MDVSA-2015:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "FEDORA-2015-2109",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-8.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1585853"
          },
          {
            "name": "59616",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59616"
          },
          {
            "name": "20140527 [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/May/135"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578655"
          },
          {
            "name": "59873",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59873"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "HPSBOV03503",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
          },
          {
            "name": "SSRT101681",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578610"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578611"
          },
          {
            "name": "DSA-3552",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3552"
          },
          {
            "name": "60729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60729"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:09:49",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/kb/doc.php?id=7010166"
        },
        {
          "name": "67667",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67667"
        },
        {
          "name": "59121",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59121"
        },
        {
          "name": "RHSA-2015:0765",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
        },
        {
          "name": "59732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59732"
        },
        {
          "name": "59835",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59835"
        },
        {
          "name": "RHSA-2015:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
        },
        {
          "name": "MDVSA-2015:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
        },
        {
          "name": "RHSA-2015:0720",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
        },
        {
          "name": "59849",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59849"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578637"
        },
        {
          "name": "MDVSA-2015:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
        },
        {
          "name": "1030301",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030301"
        },
        {
          "name": "DSA-3530",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3530"
        },
        {
          "name": "59678",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59678"
        },
        {
          "name": "HPSBUX03102",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-7.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "MDVSA-2015:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "FEDORA-2015-2109",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-8.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1585853"
        },
        {
          "name": "59616",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59616"
        },
        {
          "name": "20140527 [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/May/135"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578655"
        },
        {
          "name": "59873",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59873"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "HPSBOV03503",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
        },
        {
          "name": "SSRT101681",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578610"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578611"
        },
        {
          "name": "DSA-3552",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3552"
        },
        {
          "name": "60729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60729"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0096",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0268.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
            },
            {
              "name": "http://www.novell.com/support/kb/doc.php?id=7010166",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/kb/doc.php?id=7010166"
            },
            {
              "name": "67667",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67667"
            },
            {
              "name": "59121",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59121"
            },
            {
              "name": "RHSA-2015:0765",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
            },
            {
              "name": "59732",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59732"
            },
            {
              "name": "59835",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59835"
            },
            {
              "name": "RHSA-2015:0675",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
            },
            {
              "name": "MDVSA-2015:052",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
            },
            {
              "name": "RHSA-2015:0720",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
            },
            {
              "name": "59849",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59849"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-0865.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578637",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578637"
            },
            {
              "name": "MDVSA-2015:084",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
            },
            {
              "name": "1030301",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030301"
            },
            {
              "name": "DSA-3530",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3530"
            },
            {
              "name": "59678",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59678"
            },
            {
              "name": "HPSBUX03102",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "http://tomcat.apache.org/security-7.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-7.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "MDVSA-2015:053",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "FEDORA-2015-2109",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
            },
            {
              "name": "http://tomcat.apache.org/security-8.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-8.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1585853",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1585853"
            },
            {
              "name": "59616",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59616"
            },
            {
              "name": "20140527 [SECURITY] CVE-2014-0096 Apache Tomcat information disclosure",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/May/135"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578655",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578655"
            },
            {
              "name": "59873",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59873"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "HPSBOV03503",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
            },
            {
              "name": "SSRT101681",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578610",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578610"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578611",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578611"
            },
            {
              "name": "DSA-3552",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3552"
            },
            {
              "name": "60729",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60729"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0096",
    "datePublished": "2014-05-31T10:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:38.741Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0119

Vulnerability from cvelistv5

Published

2014-05-31 10:00

Modified

2024-08-06 09:05

Severity

Summary

Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.

References

URL	Tags
http://svn.apache.org/viewvc?view=revision&revision=1590036	x_refsource_CONFIRM
http://advisories.mageia.org/MGASA-2014-0268.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1589837	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2654-1	vendor-advisory, x_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2015-0765.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/59732	third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2015-0675.html	vendor-advisory, x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21681528	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052	vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2015-0720.html	vendor-advisory, x_refsource_REDHAT
http://svn.apache.org/viewvc?view=revision&revision=1590028	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1589992	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084	vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2016/dsa-3530	vendor-advisory, x_refsource_DEBIAN
http://svn.apache.org/viewvc?view=revision&revision=1589983	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141017844705317&w=2	vendor-advisory, x_refsource_HP
http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534161/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=MDVSA-2015:053	vendor-advisory, x_refsource_MANDRIVA
http://svn.apache.org/viewvc?view=revision&revision=1588199	x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1589997	x_refsource_CONFIRM
http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678231	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1589980	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1589640	x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	x_refsource_CONFIRM
http://secunia.com/advisories/59873	third-party-advisory, x_refsource_SECUNIA
http://seclists.org/fulldisclosure/2014/May/141	mailing-list, x_refsource_FULLDISC
http://svn.apache.org/viewvc?view=revision&revision=1589985	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1593815	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2014/Dec/23	mailing-list, x_refsource_FULLDISC
http://svn.apache.org/viewvc?view=revision&revision=1589990	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=144498216801440&w=2	vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=141017844705317&w=2	vendor-advisory, x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1588193	x_refsource_CONFIRM
http://www.securityfocus.com/bid/67669	vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1030298	vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2016/dsa-3552	vendor-advisory, x_refsource_DEBIAN
http://svn.apache.org/viewvc?view=revision&revision=1593821	x_refsource_CONFIRM
http://secunia.com/advisories/60729	third-party-advisory, x_refsource_SECUNIA
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:39.129Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
          },
          {
            "name": "USN-2654-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2654-1"
          },
          {
            "name": "RHSA-2015:0765",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
          },
          {
            "name": "59732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59732"
          },
          {
            "name": "RHSA-2015:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
          },
          {
            "name": "MDVSA-2015:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
          },
          {
            "name": "RHSA-2015:0720",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
          },
          {
            "name": "MDVSA-2015:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
          },
          {
            "name": "DSA-3530",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3530"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
          },
          {
            "name": "HPSBUX03102",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-7.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "MDVSA-2015:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-8.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "59873",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59873"
          },
          {
            "name": "20140527 [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/May/141"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
          },
          {
            "name": "HPSBOV03503",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
          },
          {
            "name": "SSRT101681",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
          },
          {
            "name": "67669",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67669"
          },
          {
            "name": "1030298",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030298"
          },
          {
            "name": "DSA-3552",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3552"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
          },
          {
            "name": "60729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60729"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:10:07",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
        },
        {
          "name": "USN-2654-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2654-1"
        },
        {
          "name": "RHSA-2015:0765",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
        },
        {
          "name": "59732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59732"
        },
        {
          "name": "RHSA-2015:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
        },
        {
          "name": "MDVSA-2015:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
        },
        {
          "name": "RHSA-2015:0720",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
        },
        {
          "name": "MDVSA-2015:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
        },
        {
          "name": "DSA-3530",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3530"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
        },
        {
          "name": "HPSBUX03102",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-7.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "MDVSA-2015:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-8.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "name": "59873",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59873"
        },
        {
          "name": "20140527 [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/May/141"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
        },
        {
          "name": "HPSBOV03503",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
        },
        {
          "name": "SSRT101681",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
        },
        {
          "name": "67669",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67669"
        },
        {
          "name": "1030298",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030298"
        },
        {
          "name": "DSA-3552",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3552"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
        },
        {
          "name": "60729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60729"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0119",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590036"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0268.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589837"
            },
            {
              "name": "USN-2654-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2654-1"
            },
            {
              "name": "RHSA-2015:0765",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
            },
            {
              "name": "59732",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59732"
            },
            {
              "name": "RHSA-2015:0675",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
            },
            {
              "name": "MDVSA-2015:052",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
            },
            {
              "name": "RHSA-2015:0720",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1590028"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589992"
            },
            {
              "name": "MDVSA-2015:084",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
            },
            {
              "name": "DSA-3530",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3530"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589983"
            },
            {
              "name": "HPSBUX03102",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "http://tomcat.apache.org/security-7.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-7.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "MDVSA-2015:053",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588199"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589997"
            },
            {
              "name": "http://tomcat.apache.org/security-8.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-8.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589980"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589640"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "59873",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59873"
            },
            {
              "name": "20140527 [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/May/141"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589985"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593815"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1589990"
            },
            {
              "name": "HPSBOV03503",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
            },
            {
              "name": "SSRT101681",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1588193"
            },
            {
              "name": "67669",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67669"
            },
            {
              "name": "1030298",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030298"
            },
            {
              "name": "DSA-3552",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3552"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1593821"
            },
            {
              "name": "60729",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60729"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0119",
    "datePublished": "2014-05-31T10:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:39.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2014-0099

Vulnerability from cvelistv5

Published

2014-05-31 10:00

Modified

2024-08-06 09:05

Severity

Summary

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

References

URL	Tags
http://advisories.mageia.org/MGASA-2014-0268.html	x_refsource_CONFIRM
http://secunia.com/advisories/59121	third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2015-0765.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/59732	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/59835	third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/532221/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://rhn.redhat.com/errata/RHSA-2015-0675.html	vendor-advisory, x_refsource_REDHAT
http://www.vmware.com/security/advisories/VMSA-2014-0012.html	x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21681528	x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052	vendor-advisory, x_refsource_MANDRIVA
http://rhn.redhat.com/errata/RHSA-2015-0720.html	vendor-advisory, x_refsource_REDHAT
http://seclists.org/fulldisclosure/2014/May/140	mailing-list, x_refsource_FULLDISC
http://secunia.com/advisories/59849	third-party-advisory, x_refsource_SECUNIA
http://linux.oracle.com/errata/ELSA-2014-0865.html	x_refsource_CONFIRM
http://www.securityfocus.com/bid/67668	vdb-entry, x_refsource_BID
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084	vendor-advisory, x_refsource_MANDRIVA
http://www.debian.org/security/2016/dsa-3530	vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/59678	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=141017844705317&w=2	vendor-advisory, x_refsource_HP
http://www.securityfocus.com/archive/1/532218/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://tomcat.apache.org/security-7.html	x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534161/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
http://www.mandriva.com/security/advisories?name=MDVSA-2015:053	vendor-advisory, x_refsource_MANDRIVA
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=141390017113542&w=2	vendor-advisory, x_refsource_HP
http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html	vendor-advisory, x_refsource_FEDORA
http://tomcat.apache.org/security-8.html	x_refsource_CONFIRM
http://www-01.ibm.com/support/docview.wss?uid=swg21678231	x_refsource_CONFIRM
http://tomcat.apache.org/security-6.html	x_refsource_CONFIRM
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013	x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html	x_refsource_CONFIRM
http://secunia.com/advisories/59873	third-party-advisory, x_refsource_SECUNIA
http://svn.apache.org/viewvc?view=revision&revision=1578814	x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2014/Dec/23	mailing-list, x_refsource_FULLDISC
http://www.securitytracker.com/id/1030302	vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=144498216801440&w=2	vendor-advisory, x_refsource_HP
http://marc.info/?l=bugtraq&m=141017844705317&w=2	vendor-advisory, x_refsource_HP
http://svn.apache.org/viewvc?view=revision&revision=1578812	x_refsource_CONFIRM
http://svn.apache.org/viewvc?view=revision&revision=1580473	x_refsource_CONFIRM
http://www.debian.org/security/2016/dsa-3447	vendor-advisory, x_refsource_DEBIAN
http://secunia.com/advisories/60729	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/60793	third-party-advisory, x_refsource_SECUNIA
http://seclists.org/fulldisclosure/2014/May/138	mailing-list, x_refsource_FULLDISC
http://www-01.ibm.com/support/docview.wss?uid=swg21680603	x_refsource_CONFIRM
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:05:38.296Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
          },
          {
            "name": "59121",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59121"
          },
          {
            "name": "RHSA-2015:0765",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
          },
          {
            "name": "59732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59732"
          },
          {
            "name": "59835",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59835"
          },
          {
            "name": "20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
          },
          {
            "name": "RHSA-2015:0675",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
          },
          {
            "name": "MDVSA-2015:052",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
          },
          {
            "name": "RHSA-2015:0720",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
          },
          {
            "name": "20140527 [SECURITY]  Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/May/140"
          },
          {
            "name": "59849",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59849"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
          },
          {
            "name": "67668",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67668"
          },
          {
            "name": "MDVSA-2015:084",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
          },
          {
            "name": "DSA-3530",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3530"
          },
          {
            "name": "59678",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59678"
          },
          {
            "name": "HPSBUX03102",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-7.html"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
          },
          {
            "name": "MDVSA-2015:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "HPSBUX03150",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
          },
          {
            "name": "FEDORA-2015-2109",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-8.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tomcat.apache.org/security-6.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
          },
          {
            "name": "59873",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59873"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
          },
          {
            "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
          },
          {
            "name": "1030302",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030302"
          },
          {
            "name": "HPSBOV03503",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
          },
          {
            "name": "SSRT101681",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
          },
          {
            "name": "DSA-3447",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3447"
          },
          {
            "name": "60729",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60729"
          },
          {
            "name": "60793",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60793"
          },
          {
            "name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2014/May/138"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-13T16:09:53",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
        },
        {
          "name": "59121",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59121"
        },
        {
          "name": "RHSA-2015:0765",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
        },
        {
          "name": "59732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59732"
        },
        {
          "name": "59835",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59835"
        },
        {
          "name": "20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
        },
        {
          "name": "RHSA-2015:0675",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
        },
        {
          "name": "MDVSA-2015:052",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
        },
        {
          "name": "RHSA-2015:0720",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
        },
        {
          "name": "20140527 [SECURITY]  Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/May/140"
        },
        {
          "name": "59849",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59849"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
        },
        {
          "name": "67668",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67668"
        },
        {
          "name": "MDVSA-2015:084",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
        },
        {
          "name": "DSA-3530",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3530"
        },
        {
          "name": "59678",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59678"
        },
        {
          "name": "HPSBUX03102",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
        },
        {
          "name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-7.html"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
        },
        {
          "name": "MDVSA-2015:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
        },
        {
          "name": "HPSBUX03150",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
        },
        {
          "name": "FEDORA-2015-2109",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-8.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tomcat.apache.org/security-6.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
        },
        {
          "name": "59873",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59873"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
        },
        {
          "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
        },
        {
          "name": "1030302",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030302"
        },
        {
          "name": "HPSBOV03503",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
        },
        {
          "name": "SSRT101681",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
        },
        {
          "name": "DSA-3447",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3447"
        },
        {
          "name": "60729",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60729"
        },
        {
          "name": "60793",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60793"
        },
        {
          "name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2014/May/138"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-0099",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0268.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0268.html"
            },
            {
              "name": "59121",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59121"
            },
            {
              "name": "RHSA-2015:0765",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html"
            },
            {
              "name": "59732",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59732"
            },
            {
              "name": "59835",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59835"
            },
            {
              "name": "20140527 Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/532221/100/0/threaded"
            },
            {
              "name": "RHSA-2015:0675",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html"
            },
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681528"
            },
            {
              "name": "MDVSA-2015:052",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
            },
            {
              "name": "RHSA-2015:0720",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html"
            },
            {
              "name": "20140527 [SECURITY]  Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/May/140"
            },
            {
              "name": "59849",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59849"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2014-0865.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2014-0865.html"
            },
            {
              "name": "67668",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67668"
            },
            {
              "name": "MDVSA-2015:084",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:084"
            },
            {
              "name": "DSA-3530",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3530"
            },
            {
              "name": "59678",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59678"
            },
            {
              "name": "HPSBUX03102",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/532218/100/0/threaded"
            },
            {
              "name": "http://tomcat.apache.org/security-7.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-7.html"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
            },
            {
              "name": "MDVSA-2015:053",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:053"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "HPSBUX03150",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141390017113542\u0026w=2"
            },
            {
              "name": "FEDORA-2015-2109",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150282.html"
            },
            {
              "name": "http://tomcat.apache.org/security-8.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-8.html"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
            },
            {
              "name": "http://tomcat.apache.org/security-6.html",
              "refsource": "CONFIRM",
              "url": "http://tomcat.apache.org/security-6.html"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
            },
            {
              "name": "59873",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59873"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578814"
            },
            {
              "name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/Dec/23"
            },
            {
              "name": "1030302",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030302"
            },
            {
              "name": "HPSBOV03503",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=144498216801440\u0026w=2"
            },
            {
              "name": "SSRT101681",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=141017844705317\u0026w=2"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1578812"
            },
            {
              "name": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473",
              "refsource": "CONFIRM",
              "url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1580473"
            },
            {
              "name": "DSA-3447",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3447"
            },
            {
              "name": "60729",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60729"
            },
            {
              "name": "60793",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60793"
            },
            {
              "name": "20140527 [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2014/May/138"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680603"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-0099",
    "datePublished": "2014-05-31T10:00:00",
    "dateReserved": "2013-12-03T00:00:00",
    "dateUpdated": "2024-08-06T09:05:38.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2014_0843

Vulnerability from csaf_redhat

cve-2014-0075

Vulnerability from cvelistv5

cve-2014-0096

Vulnerability from cvelistv5

cve-2014-0119

Vulnerability from cvelistv5

cve-2014-0099

Vulnerability from cvelistv5

Tags