Vulnerability Name: CVE-2014-0095 (CCN-93366)
Assigned: 2013-12-03
Published: 2014-05-27
Updated: 2017-11-15
Summary: java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Low

CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None
Impact Metrics: Confidentiality (C): None; Integrity (I): None; Availability (A): Partial

Vulnerability Type: CWE-20
Vulnerability Consequences: Denial of Service

References:
Source: MITRE | Type: CNA | CVE-2014-0095
Source: FULLDISC | Type: UNKNOWN | 20140527 [SECURITY] CVE-2014-0095 Apache Tomcat denial of service
Source: SECUNIA | Type: UNKNOWN | 59873
Source: SECUNIA | Type: UNKNOWN | 60729
Source: CONFIRM | Type: Patch | http://svn.apache.org/viewvc?view=revision&revision=1578392
Source: CCN | Type: Apache Web Site | Fixed in Apache Tomcat 7.0.54
Source: CONFIRM | Type: Vendor Advisory | http://tomcat.apache.org/security-8.html
Source: CONFIRM | Type: UNKNOWN | http://www-01.ibm.com/support/docview.wss?uid=swg21678231
Source: CONFIRM | Type: UNKNOWN | http://www-01.ibm.com/support/docview.wss?uid=swg21681528
Source: CCN | Type: IBM Security Bulletin 1695800 | Tivoli Common Reporting iFixes for CVE-2014-3566,CVE-2014-6145,CVE-2014-1568,CVE-2014-4263,CVE-2014-3513,CVE-2014-3567,CVE-2014-3568,CVE-2014-0107,CVE-2014-0075,CVE-2014-0096,CVE-2014-0099,CVE-2014-0119,CVE-2014-0878,CVE-2014-0460
Source: CCN | Type: IBM Security Bulletin N1020714 | Vulnerabilities in Tomcat affect Power Hardware Management Console (CVE-2013-4444, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227)
Source: CCN | Type: IBM Security Bulletin 1677448 | IBM OpenPages GRC Platform, multiple vulnerabilities in bundled version of Apache Tomcat
Source: CCN | Type: IBM Security Bulletin 1677720 | IBM InfoSphere Metadata Asset Manager is subject to a denial of service vulnerability from its use of Apache Tomcat (CVE-2014-0095)
Source: CCN | Type: IBM Security Bulletin 1678231 | Rational Lifecycle Adapter for HP ALM Apache Tomcat fix (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)
Source: CCN | Type: IBM Security Bulletin 1678892 | Tivoli Application Dependency Discovery Manager - Open Source Tomcat issues reported between March - May 2014.
Source: CCN | Type: IBM Security Bulletin 1681528 | Apache Tomcat Vulnerabilities in IBM UrbanCode Release (CVE-2014-0075,CVE-2014-0095,CVE-2014-0096,CVE-2014-0099,CVE-2014-0119)
Source: CCN | Type: IBM Security Bulletin 1682371 | Rational Reporting for Development Intelligence - Open Source Tomcat reported in May 2014 X-Force Report
Source: CCN | Type: IBM Security Bulletin 1682376 | Rational Insight - Open Source Tomcat reported in May 2014 X-Force Report
Source: CCN | Type: IBM Security Bulletin 1682393 | Apache Tomcat Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0075,CVE-2014-0095,CVE-2014-0096,CVE-2014-0099,CVE-2014-0119)
Source: CCN | Type: IBM Security Bulletin 1682740 | Cognos BI Server is affected by the following vulnerabilities: CVE-2014-0107, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0878, CVE-2014-0460
Source: CCN | Type: IBM Security Bulletin 1683334 | IBM InfoSphere Guardium Database Activity Monitor is affected by CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
Source: CCN | Type: IBM Security Bulletin 1683445 | IBM Rational Connector for SAP Solution Manager (CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)
Source: CCN | Type: IBM Security Bulletin 1684910 | IBM Cognos Business Viewpoint is affected by the following Apache Tomcat vulnerabilities (CVE-2014-0075, CVE-2014-0095, CVE-2014-0096. CVE-2014-0099, CVE-2014-0119)
Source: CCN | Type: IBM Security Bulletin 1686477 | Multiple Apache Tomcat vulnerabilities in QRadar (CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)
Source: CCN | Type: IBM Security Bulletin 1692154 | Security vulnerabilities in Apache Tomcat affects multiple IBM Rational products based on IBM's Jazz technology (CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119,)
Source: CCN | Type: IBM Security Bulletin 1976103 | Multiple Security Vulnerabilities in Apache Tomcat affect IBM RLKS Administration and Reporting Tool
Source: CONFIRM | Type: UNKNOWN | http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Source: CCN | Type: OSVDB ID: 107451 | Apache Tomcat AJP Request Zero Content Length Handling Remote DoS
Source: BID | Type: UNKNOWN | 67673
Source: CCN | Type: BID-67673 | Apache Tomcat CVE-2014-0095 AJP Request Remote Denial Of Service Vulnerability
Source: SECTRACK | Type: UNKNOWN | 1030300
Source: XF | Type: UNKNOWN | tomcat-cve20140095-dos(93366)
Source: CCN | Type: WhiteSource Vulnerability Database | CVE-2014-0095

Vulnerable Configuration:

Configuration 1:
apache tomcat 8.0.0 rc1
apache tomcat 8.0.0 rc10
apache tomcat 8.0.0 rc2
apache tomcat 8.0.0 rc5
apache tomcat 8.0.1
apache tomcat 8.0.3

Configuration CCN 1:
apache tomcat 8.0.0 rc1
apache tomcat 8.0.3
AND
ibm cognos business intelligence 8.4.1
ibm infosphere guardium 8.2
ibm infosphere guardium 9.0
ibm infosphere information server 8.7
ibm infosphere information server 9.1
ibm cognos business intelligence 10.1
ibm cognos business intelligence 10.1.1
ibm cognos business intelligence 10.2
ibm qradar security information and event manager 7.1
ibm rational insight 1.1
ibm rational insight 1.1.1
ibm rational insight 1.1.1.1
ibm cognos business intelligence 10.2.1
ibm qradar security information and event manager 7.2
ibm rational reporting 2.0
ibm rational reporting 2.0.1
ibm rational reporting 2.0.3
ibm rational reporting 2.0.4
ibm rational reporting 2.0.5
ibm rational reporting 2.0.6
ibm urbancode deploy 6.1.0.2
ibm urbancode 6.0
ibm urbancode 6.1
ibm urbancode 6.0.1
ibm cognos business viewpoint 10.1
ibm cognos business viewpoint 10.1.1
ibm urbancode 6.0.0.1
ibm urbancode 6.0.1.1
ibm urbancode 6.0.1.2
ibm urbancode 6.0.1.3
ibm tivoli application dependency discovery manager 7.2
ibm tivoli application dependency discovery manager 7.2.1
ibm tivoli application dependency discovery manager 7.2.2
ibm rational collaborative lifecycle management 3.0.1
ibm rational collaborative lifecycle management 4.0
ibm infosphere guardium 9.1
ibm rational license key server 8.1.4
ibm rational license key server 8.1.4.2
ibm rational license key server 8.1.4.3
ibm rational collaborative lifecycle management 3.0.1.6
ibm rational collaborative lifecycle management 4.0.1
ibm rational collaborative lifecycle management 4.0.2
ibm rational collaborative lifecycle management 4.0.3
ibm rational collaborative lifecycle management 4.0.4
ibm rational collaborative lifecycle management 4.0.5
ibm rational collaborative lifecycle management 4.0.6
ibm rational collaborative lifecycle management 5.0
ibm tivoli application dependency discovery manager 7.1.2
ibm urbancode deploy 6.0
ibm urbancode deploy 6.0.1
ibm urbancode deploy 6.0.1.1
ibm urbancode deploy 6.0.1.2
ibm urbancode deploy 6.0.1.3
ibm rational connector 4
ibm openpages grc platform 6.0.1.5
ibm openpages grc platform 6.1.0.1
ibm rational reporting 5.0
ibm rational insight 1.1.1.4
ibm rational collaborative lifecycle management 4.0.7
ibm rational collaborative lifecycle management 5.0.1
ibm rational insight 1.1.1.2
ibm rational insight 1.1.1.3
ibm urbancode deploy 6.0.1.4
ibm urbancode deploy 6.0.1.5
ibm urbancode deploy 6.1
ibm urbancode deploy 6.1.0.1
ibm urbancode 6.0.1.4
ibm rational license key server 8.1.4.4
ibm rational license key server 8.1.4.5
ibm tivoli common reporting 2.1
ibm tivoli common reporting 2.1.1
ibm tivoli common reporting 3.1
ibm tivoli common reporting 3.1.0.1
ibm tivoli common reporting 3.1.0.2
ibm rational license key server 8.1.4.6
ibm rational license key server 8.1.4.7
ibm rational license key server 8.1.4.8
ibm rational license key server 8.1.4.9
ibm rational license key server 8.1.4.1