Cloud Foundry Logo
blog single gear
Blog
Security Advisory

CVE-2014-0227 Apache Tomcat Request Smuggling

by: February 9, 2015

CVE-2014-0227 Apache Tomcat Request Smuggling

Severity

Important

Vendor

Apache Software Foundation

Versions Affected

  • Apache Tomcat 8.0.0-RC1 to 8.0.8 inclusive
  • Apache Tomcat 7.0.0 to 7.0.54 inclusive
  • Apache Tomcat 6.0.0 to 6.0.41 inclusive

Description

It was possible to craft a malformed chunk as part of a chunked request that caused Tomcat to read part of the request body as a new request.

Mitigation

Users of affected versions should apply the following mitigation:

  • Upgrade to tc Runtime 7.0.55.A or later
  • Upgrade to tc Runtime 6.0.43.A or later

Credit

This issue was identified by the Apache Tomcat security team.

References

History

2015-Feb-09: Initial vulnerability report published.

Cloud Foundry Foundation Security Team Profile Image

Cloud Foundry Foundation Security Team, AUTHOR

SEE ALL ARTICLES

You Might Also Like

USN-4293-1: libarchive vulnerabilities
Security Advisory

USN-4293-1: libarchive vulnerabilities

by Cloud Foundry Foundation Security Team March 10, 2020
USN-4071-2: Patch vulnerabilities
Security Advisory

USN-4071-2: Patch vulnerabilities

by Cloud Foundry Foundation Security Team August 29, 2019
USN-5320-1: Expat vulnerabilities and regression
Security Advisory

USN-5320-1: Expat vulnerabilities and regression

by Cloud Foundry Foundation Security Team April 21, 2022
This website uses cookies to offer you a better browsing experience. Find out more about how we use cookies and how you can change your settings. Accept