Apache Tomcat Chunked Request Remote Denial of Service Vulnerability (CVE-2014-0227)
Release date:
Updated on:
Affected Systems:
Apache Group Tomcat < 8.0.9
Apache Group Tomcat < 7.0.55
Apache Group Tomcat < 6.0.42
Description:
Bugtraq id: 72717
CVE (CAN) ID: CVE-2014-0227
Apache Tomcat is a popular open-source JSP application server program.
In Apache Tomcat versions earlier than 6.0.42, 7.0.55 and 8.0.9, java/org/apache/coyote/http11/filters/ChunkedInputFilter.java does not properly handle attempts to continue reading data after an error has occurred. A remote attacker can stream data with malformed chunked transfer coding to exploit this and conduct HTTP request smuggling attacks or cause a denial of service (resource exhaustion).
<* Source: vendor
Link: http://tomcat.apache.org/security-6.html
*>
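The failure mode described above, as an added example (not Tomcat's code or the vendor patch): a minimal chunked-body decoder in Python that latches its first parse error, so later reads fail instead of resuming on whatever bytes follow the malformed chunk. The class and function names, the size limits and both sample bodies are constructed for illustration.

```python
import io

HEX = b"0123456789abcdefABCDEF"
VALID_BODY = b"5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n"  # constructed sample
MALFORMED_BODY = b"5\r\nhello\r\nZZ\r\n3\r\nabc\r\n0\r\n\r\n"  # constructed; "ZZ" is not a hex size

class ChunkedDecodeError(OSError): pass

class StrictChunkedReader:
    """Chunked-body decoder that refuses every read after its first error."""
    MAX_CHUNK = 1 << 20  # assumed per-chunk limit for this example
    def __init__(self, stream):
        self._s, self._error, self._done = stream, None, False

    def _fail(self, msg):
        self._error = msg  # latch: the stream position can no longer be trusted
        raise ChunkedDecodeError(msg)

    def _line(self):
        line = self._s.readline(4098)  # bounded header/trailer line
        if not line.endswith(b"\r\n"):
            self._fail("line not terminated by CRLF")
        return line[:-2]

    def read_chunk(self):
        """Return the next chunk's payload, or b"" once the body has ended."""
        if self._error is not None:
            raise ChunkedDecodeError("unusable after earlier error: " + self._error)
        if self._done:
            return b""
        size_hex = self._line().split(b";", 1)[0]  # drop chunk extensions
        if not 0 < len(size_hex) <= 8 or any(c not in HEX for c in size_hex):
            self._fail("invalid chunk size")
        size = int(size_hex, 16)
        if size > self.MAX_CHUNK:
            self._fail("chunk too large")
        if size == 0:
            while self._line():  # skip trailer fields up to the blank line
                pass
            self._done = True
            return b""
        data = self._s.read(size)
        if len(data) != size or self._s.read(2) != b"\r\n":
            self._fail("truncated chunk or missing CRLF after data")
        return data

def decode_body(raw):
    reader = StrictChunkedReader(io.BytesIO(raw))
    return b"".join(iter(reader.read_chunk, b""))
```

In `MALFORMED_BODY` the bytes after the bad size line would parse as a well-formed chunk if reading resumed; the latched error keeps the reader from consuming them, and the caller should close the connection rather than reuse it.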
Suggestion:
Vendor patch:
Apache Group
------------
Apache Group has released a Security Bulletin (CVE-2014-0227) and patches for this:
CVE-2014-0227: Fixed in Apache Tomcat 6.0.43.
Link: http://tomcat.apache.org/security-6.html
Patch download: http://svn.apache.org/viewvc?view=rev&rev=1603628