Bug 887557 - (CVE-2014-0075) VUL-0: CVE-2014-0075: tomcat6 tomcat: Integer overflow in the parseChunkHeader
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Major
Assigned To: Security Team bot
Reported: 2014-07-16 13:15 UTC by Marcus Meissner
Modified: 2014-09-01 09:57 UTC
Description Marcus Meissner 2014-07-16 13:15:54 UTC
via cve db CVE-2014-0075

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0075

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data. 


CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1578337
CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1578341
CONFIRM:http://svn.apache.org/viewvc?view=revision&revision=1579262
CONFIRM:http://tomcat.apache.org/security-6.html
CONFIRM:http://tomcat.apache.org/security-7.html
CONFIRM:http://tomcat.apache.org/security-8.html
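
As an added illustration (not Tomcat's code and not part of the original report), the sketch below shows how a hexadecimal chunk-size parser that accumulates into a 32-bit `int` wraps on an over-long size, next to a form that bounds the digit count and range. The class name, method names and sample size lines are constructed for this example.

```java
import java.nio.charset.StandardCharsets;

public class ChunkSizeDemo {

    // Naive form: accumulates hex digits into a 32-bit int with no bound,
    // so an over-long size line silently wraps (hypothetical, not Tomcat's code).
    static int parseUnchecked(byte[] line) {
        int result = 0;
        for (byte b : line) {
            int d = Character.digit((char) (b & 0xFF), 16);
            if (d < 0) break;          // stop at CRLF or a chunk extension
            result = result * 16 + d;  // Java int arithmetic wraps on overflow
        }
        return result;
    }

    // Hardened form: accumulate in a long, cap the digit count, and reject an
    // empty or out-of-range size instead of returning a wrapped value.
    static int parseChecked(byte[] line) {
        long result = 0;
        int digits = 0;
        for (byte b : line) {
            int d = Character.digit((char) (b & 0xFF), 16);
            if (d < 0) break;
            if (++digits > 8) {
                throw new IllegalArgumentException("chunk size too long");
            }
            result = (result << 4) | d;
        }
        if (digits == 0 || result > Integer.MAX_VALUE) {
            throw new IllegalArgumentException("invalid chunk size");
        }
        return (int) result;
    }

    public static void main(String[] args) {
        // Constructed sample size lines: one ordinary, two oversized.
        for (String s : new String[] {"1a", "100000000", "ffffffff"}) {
            byte[] line = s.getBytes(StandardCharsets.US_ASCII);
            System.out.println(s + " unchecked -> " + parseUnchecked(line));
            try {
                System.out.println(s + " checked   -> " + parseChecked(line));
            } catch (IllegalArgumentException e) {
                System.out.println(s + " checked   -> rejected: " + e.getMessage());
            }
        }
    }
}
```

A parser that returns a wrapped size leaves the server and any intermediary disagreeing about where the chunk ends, which is why the checked form fails the request rather than clamping the value.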
Comment 1 Marcus Meissner 2014-07-16 13:17:14 UTC
This issue will be covered by the already running 6.0.41 tomcat6 version upgrade on SLES 11.
Comment 2 Swamp Workflow Management 2014-07-16 22:00:20 UTC
bugbot adjusting priority
Comment 3 Marcus Meissner 2014-09-01 09:57:31 UTC
was released