HTTP: Apache Tomcat ChunkedInputFilter Malformed Chunk Size Denial of Service
This signature detects attempts to exploit a known vulnerability against Apache Tomcat. A successful attack can result in a denial-of-service condition.
Extended Description
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
Affected Products
Apache tomcat
References
BugTraq: 67671
CVE: CVE-2014-0075
URL: http://securitytracker.com/id?1030299 http://seclists.org/fulldisclosure/2014/may/133
Short Name
HTTP:CTS:APACHE-CHUNKED-DDOS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2014-0075 Chunk ChunkedInputFilter Denial Malformed Service Size Tomcat bid:67671 of
Release Date
02/27/2025
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
Sigpack Version
3786
False Positive
Unknown
Vendors
Apache