We found results for “”
CVE-2014-0230
Good to know:
Date: June 7, 2015
Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
Language: Java
Severity Score
Related Resources (43)
Severity Score
Weakness Type (CWE)
Resource Management Errors
CWE-399Top Fix
Upgrade Version
Upgrade to version org.apache.tomcat.embed:tomcat-embed-core:8.0.9,7.0.55,org.apache.tomcat:tomcat-coyote:8.0.9,7.0.55
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | HIGH |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | LOW |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | NONE |
Availability (A): | COMPLETE |
Additional information: |