CVE-2014-0075
Integer overflow vulnerability in tomcat (Maven)
What is CVE-2014-0075 About?
This is an Integer Overflow vulnerability in Apache Tomcat's `ChunkedInputFilter`, occurring during the parsing of chunked transfer coding. Successful exploitation can lead to a denial of service through resource exhaustion, and is remotely exploitable with a crafted HTTP request.
Affected Software
- org.apache.tomcat:tomcat
  - >7.0.0, <7.0.53
  - <6.0.40
  - >8.0.0, <8.0.4
- org.apache.tomcat:tomcat-coyote
  - >7.0.0, <7.0.53
  - <6.0.40
  - >8.0.0, <8.0.4
Technical Details
The vulnerability lies within the `parseChunkHeader` function in `java/org/apache/coyote/http11/filters/ChunkedInputFilter.java` in Apache Tomcat versions before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4. When processing an HTTP request that uses chunked transfer coding, a malformed chunk size value can cause an integer overflow during header parsing. The overflow leads to incorrect calculations related to data length, so the server attempts to process or allocate resources based on an erroneous size, which can result in excessive resource consumption (e.g., memory or CPU cycles). This resource exhaustion manifests as a denial of service condition.
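The overflow pattern described above, shown as an added example that is not Tomcat's source code: a simplified hex chunk-size parser that accumulates into a 32-bit `int` without a bound, beside a hardened version that rejects a size before it can wrap. The class name, method names and sample inputs are constructed for illustration.

```java
// Added illustration, not Tomcat source: simplified hex chunk-size parsing.
public class ChunkSizeDemo {

    // ASCII-only hex digit value, or -1 if c is not a hex digit.
    static int hexValue(char c) {
        if (c >= '0' && c <= '9') return c - '0';
        if (c >= 'a' && c <= 'f') return c - 'a' + 10;
        if (c >= 'A' && c <= 'F') return c - 'A' + 10;
        return -1;
    }

    // Unsafe pattern: no limit on digit count, so the 32-bit int silently wraps.
    static int parseUnchecked(String size) {
        int result = 0;
        for (char c : size.toCharArray()) {
            int v = hexValue(c);
            if (v == -1) throw new IllegalArgumentException("non-hex character");
            result = result * 16 + v; // wraps on overflow, no exception
        }
        return result;
    }

    // Hardened pattern: reject empty, non-hex, and out-of-range sizes
    // before the value is ever used as a length.
    static int parseChecked(String size) {
        if (size.isEmpty()) throw new IllegalArgumentException("empty chunk size");
        long result = 0; // wider accumulator; bounded after every digit
        for (char c : size.toCharArray()) {
            int v = hexValue(c);
            if (v == -1) throw new IllegalArgumentException("non-hex character");
            result = (result << 4) | v;
            if (result > Integer.MAX_VALUE) throw new IllegalArgumentException("chunk size too large");
        }
        return (int) result;
    }

    public static void main(String[] args) {
        // Constructed sample sizes: two valid, two that exceed a signed 32-bit int.
        for (String s : new String[] {"1a", "7fffffff", "100000000", "ffffffff"}) {
            String checked;
            try {
                checked = Integer.toString(parseChecked(s));
            } catch (IllegalArgumentException e) {
                checked = "rejected: " + e.getMessage();
            }
            System.out.printf("%-10s unchecked=%d checked=%s%n", s, parseUnchecked(s), checked);
        }
    }
}
```

For the two oversized inputs the unchecked parser returns a wrapped value that no longer reflects the declared size, while the checked parser rejects them.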
What is the Impact of CVE-2014-0075?
Successful exploitation may allow attackers to cause a denial of service (resource consumption), making the affected service unresponsive or unavailable to legitimate users.
What is the Exploitability of CVE-2014-0075?
Exploitation requires remote access, as an attacker would send a specially crafted HTTP request to the vulnerable Tomcat server. The complexity is moderate, involving a malformed chunk size in a request sent with chunked transfer encoding. No authentication or specific privileges are required, making it an unauthenticated remote attack. The attacker needs to understand the HTTP chunked transfer encoding specification and how Tomcat's `ChunkedInputFilter` processes it. Risk factors include publicly exposed Tomcat instances that process HTTP requests with chunked encoding.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2014-0075?
Available Upgrade Options
- org.apache.tomcat:tomcat
  - <6.0.40 → Upgrade to 6.0.40
- org.apache.tomcat:tomcat
  - >7.0.0, <7.0.53 → Upgrade to 7.0.53
- org.apache.tomcat:tomcat
  - >8.0.0, <8.0.4 → Upgrade to 8.0.4
- org.apache.tomcat:tomcat-coyote
  - <6.0.40 → Upgrade to 6.0.40
- org.apache.tomcat:tomcat-coyote
  - >7.0.0, <7.0.53 → Upgrade to 7.0.53
- org.apache.tomcat:tomcat-coyote
  - >8.0.0, <8.0.4 → Upgrade to 8.0.4
Additional Resources
- https://github.com/apache/tomcat80/commit/d49a03728ac7e3c800b1b0ce0eeccd8a5a21bb91
- https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
- http://svn.apache.org/viewvc?view=revision&revision=1579262
- http://secunia.com/advisories/59616
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
- http://secunia.com/advisories/59835
- http://secunia.com/advisories/59678
- http://secunia.com/advisories/60729
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:053
What are Similar Vulnerabilities to CVE-2014-0075?
Similar Vulnerabilities: CVE-2017-5647, CVE-2014-0050, CVE-2016-6816, CVE-2014-0096, CVE-2018-8037
