Signature Detail
Short Name |
HTTP:APACHE:APACHE-CHUNKREQ-DOS |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Tomcat Malformed Chunk Request Handling Remote Denial Of Service |
Release Date |
2014/08/04 |
Update Number |
2405 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-11.4+, vsrx-12.1+ |
HTTP: Apache Tomcat Malformed Chunk Request Handling Remote Denial Of Service
This signature detects attempts to exploit a known vulnerability against Apache Tomcat. A successful attack can result in a denial-of-service condition.
Extended Description
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Affected Products
- apache tomcat 6
- apache tomcat 6.0
- apache tomcat 6.0.0
- apache tomcat 6.0.1
- apache tomcat 6.0.10
- apache tomcat 6.0.11
- apache tomcat 6.0.12
- apache tomcat 6.0.13
- apache tomcat 6.0.14
- apache tomcat 6.0.15
- apache tomcat 6.0.16
- apache tomcat 6.0.17
- apache tomcat 6.0.18
- apache tomcat 6.0.19
- apache tomcat 6.0.2
- apache tomcat 6.0.20
- apache tomcat 6.0.24
- apache tomcat 6.0.26
- apache tomcat 6.0.27
- apache tomcat 6.0.28
- apache tomcat 6.0.29
- apache tomcat 6.0.3
- apache tomcat 6.0.30
- apache tomcat 6.0.31
- apache tomcat 6.0.32
- apache tomcat 6.0.33
- apache tomcat 6.0.35
- apache tomcat 6.0.36
- apache tomcat 6.0.37
- apache tomcat 6.0.39
- apache tomcat 6.0.4
- apache tomcat 6.0.5
- apache tomcat 6.0.6
- apache tomcat 6.0.7
- apache tomcat 6.0.8
- apache tomcat 6.0.9
- apache tomcat 7.0.0
- apache tomcat 7.0.1
- apache tomcat 7.0.10
- apache tomcat 7.0.11
- apache tomcat 7.0.12
- apache tomcat 7.0.13
- apache tomcat 7.0.14
- apache tomcat 7.0.15
- apache tomcat 7.0.16
- apache tomcat 7.0.17
- apache tomcat 7.0.18
- apache tomcat 7.0.19
- apache tomcat 7.0.2
- apache tomcat 7.0.20
- apache tomcat 7.0.21
- apache tomcat 7.0.22
- apache tomcat 7.0.23
- apache tomcat 7.0.24
- apache tomcat 7.0.25
- apache tomcat 7.0.26
- apache tomcat 7.0.27
- apache tomcat 7.0.28
- apache tomcat 7.0.29
- apache tomcat 7.0.3
- apache tomcat 7.0.30
- apache tomcat 7.0.31
- apache tomcat 7.0.32
- apache tomcat 7.0.33
- apache tomcat 7.0.34
- apache tomcat 7.0.35
- apache tomcat 7.0.36
- apache tomcat 7.0.37
- apache tomcat 7.0.38
- apache tomcat 7.0.39
- apache tomcat 7.0.4
- apache tomcat 7.0.40
- apache tomcat 7.0.41
- apache tomcat 7.0.42
- apache tomcat 7.0.43
- apache tomcat 7.0.44
- apache tomcat 7.0.45
- apache tomcat 7.0.46
- apache tomcat 7.0.47
- apache tomcat 7.0.48
- apache tomcat 7.0.49
- apache tomcat 7.0.5
- apache tomcat 7.0.50
- apache tomcat 7.0.52
- apache tomcat 7.0.6
- apache tomcat 7.0.7
- apache tomcat 7.0.8
- apache tomcat 7.0.9
- apache tomcat 8.0.0
- apache tomcat 8.0.1
- apache tomcat 8.0.3
References
- BugTraq: 67671
- CVE: CVE-2014-0075