HTTP: Apache Tomcat ChunkedInputFilter Denial of Service

This signature detects attempts to exploit a known vulnerability against Apache Tomcat. A successful exploit can lead to denial of service.

Extended Description

java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.

Affected Products

Apache tomcat

References

BugTraq: 72717

CVE: CVE-2014-0227

Short Name
HTTP:APACHE:CHUNKEDINPTFLTR-DOS
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Apache CVE-2014-0227 ChunkedInputFilter Denial Service Tomcat bid:72717 of
Release Date
02/07/2023
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3569
False Positive
Rarely
Vendors

Apache

Found a potential security threat?