Apache Tomcat Chunk Request Remote Denial Of Service Vulnerability

  Severity: MEDIUM
  CVE Identifier: CVE-2014-0075
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer encoding of a request during the streaming of data.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1006107
  Trend Micro Deep Security DPI Rule Name: 1006107 - Apache Tomcat Chunk Request Remote Denial Of Service Vulnerability

  AFFECTED SOFTWARE AND VERSION

  • apache tomcat 6
  • apache tomcat 6.0
  • apache tomcat 6.0.0
  • apache tomcat 6.0.1
  • apache tomcat 6.0.10
  • apache tomcat 6.0.11
  • apache tomcat 6.0.12
  • apache tomcat 6.0.13
  • apache tomcat 6.0.14
  • apache tomcat 6.0.15
  • apache tomcat 6.0.16
  • apache tomcat 6.0.17
  • apache tomcat 6.0.18
  • apache tomcat 6.0.19
  • apache tomcat 6.0.2
  • apache tomcat 6.0.20
  • apache tomcat 6.0.24
  • apache tomcat 6.0.26
  • apache tomcat 6.0.27
  • apache tomcat 6.0.28
  • apache tomcat 6.0.29
  • apache tomcat 6.0.3
  • apache tomcat 6.0.30
  • apache tomcat 6.0.31
  • apache tomcat 6.0.32
  • apache tomcat 6.0.33
  • apache tomcat 6.0.35
  • apache tomcat 6.0.36
  • apache tomcat 6.0.37
  • apache tomcat 6.0.39
  • apache tomcat 6.0.4
  • apache tomcat 6.0.5
  • apache tomcat 6.0.6
  • apache tomcat 6.0.7
  • apache tomcat 6.0.8
  • apache tomcat 6.0.9
  • apache tomcat 7.0.0
  • apache tomcat 7.0.1
  • apache tomcat 7.0.10
  • apache tomcat 7.0.11
  • apache tomcat 7.0.12
  • apache tomcat 7.0.13
  • apache tomcat 7.0.14
  • apache tomcat 7.0.15
  • apache tomcat 7.0.16
  • apache tomcat 7.0.17
  • apache tomcat 7.0.18
  • apache tomcat 7.0.19
  • apache tomcat 7.0.2
  • apache tomcat 7.0.20
  • apache tomcat 7.0.21
  • apache tomcat 7.0.22
  • apache tomcat 7.0.23
  • apache tomcat 7.0.24
  • apache tomcat 7.0.25
  • apache tomcat 7.0.26
  • apache tomcat 7.0.27
  • apache tomcat 7.0.28
  • apache tomcat 7.0.29
  • apache tomcat 7.0.3
  • apache tomcat 7.0.30
  • apache tomcat 7.0.31
  • apache tomcat 7.0.32
  • apache tomcat 7.0.33
  • apache tomcat 7.0.34
  • apache tomcat 7.0.35
  • apache tomcat 7.0.36
  • apache tomcat 7.0.37
  • apache tomcat 7.0.38
  • apache tomcat 7.0.39
  • apache tomcat 7.0.4
  • apache tomcat 7.0.40
  • apache tomcat 7.0.41
  • apache tomcat 7.0.42
  • apache tomcat 7.0.43
  • apache tomcat 7.0.44
  • apache tomcat 7.0.45
  • apache tomcat 7.0.46
  • apache tomcat 7.0.47
  • apache tomcat 7.0.48
  • apache tomcat 7.0.49
  • apache tomcat 7.0.5
  • apache tomcat 7.0.50
  • apache tomcat 7.0.52
  • apache tomcat 7.0.6
  • apache tomcat 7.0.7
  • apache tomcat 7.0.8
  • apache tomcat 7.0.9
  • apache tomcat 8.0.0
  • apache tomcat 8.0.1
  • apache tomcat 8.0.3