Bug 887557 (CVE-2014-0075) - VUL-0: CVE-2014-0075: tomcat6 tomcat: Integer overflow in the parseChunkHeader
Summary: VUL-0: CVE-2014-0075: tomcat6 tomcat: Integer overflow in the parseChunkHeader
Status: RESOLVED FIXED
Alias: CVE-2014-0075
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-07-16 13:15 UTC by Marcus Meissner
Modified: 2014-09-01 09:57 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2014-07-16 13:15:54 UTC 
via cve db CVE-2014-0075

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. 


CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1578337
CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1578341
CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1579262
CONFIRM:http://tomcat.apache.org/security-6.html
CONFIRM:http://tomcat.apache.org/security-7.html
CONFIRM:http://tomcat.apache.org/security-8.html
Comment 1 Marcus Meissner 2014-07-16 13:17:14 UTC 
This issue will be covered by the already running 6.0.41 tomcat6 version upgrade on SLES 11.
Comment 2 Swamp Workflow Management 2014-07-16 22:00:20 UTC 
bugbot adjusting priority
Comment 3 Marcus Meissner 2014-09-01 09:57:31 UTC 
was released