Vulnerability details: VCID-4mkw-7haq-pkgn
Vulnerability ID VCID-4mkw-7haq-pkgn
Aliases CVE-2014-0230
GHSA-pxcx-cxq8-4mmw
Summary Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
generic_textual HIGH http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E
generic_textual HIGH http://marc.info/?l=bugtraq&m=144498216801440&w=2
generic_textual HIGH http://marc.info/?l=bugtraq&m=145974991225029&w=2
generic_textual HIGH http://openwall.com/lists/oss-security/2015/04/10/1
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-1622.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2016-0595.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2016-0596.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2016-0597.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2016-0598.html
generic_textual HIGH https://access.redhat.com/errata/RHSA-2015:2659
generic_textual HIGH https://access.redhat.com/errata/RHSA-2015:2660
epss 0.03099 https://api.first.org/data/v1/epss?cve=CVE-2014-0230
epss 0.04531 https://api.first.org/data/v1/epss?cve=CVE-2014-0230
epss 0.05655 https://api.first.org/data/v1/epss?cve=CVE-2014-0230
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-pxcx-cxq8-4mmw
generic_textual HIGH https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat/commit/6b2cfacf749be186ea77249a979af1d4863e47ba
generic_textual HIGH https://github.com/apache/tomcat/commit/812088583d0e60717a8fe9c6d14e12bcdc3e6c51
generic_textual HIGH https://github.com/apache/tomcat/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1
generic_textual HIGH https://github.com/apache/tomcat/commit/c1357e649641844109711d60cacb98e4b5fcd3cb
generic_textual HIGH https://github.com/apache/tomcat/commit/e28dd578fad90a6d5726ec34f3245c9f99d909a5
generic_textual HIGH https://github.com/apache/tomcat/commit/e3146f4b03a2386c3e57597e86134d4ed5c31303
generic_textual HIGH https://github.com/apache/tomcat/commit/fc049912464f0dcf9dede3761f38049369057e16
generic_textual HIGH https://github.com/apache/tomcat/commit/fdd9f11dc24b95e5425076abb58e968336f320a2
generic_textual HIGH https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
generic_textual HIGH https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
generic_textual HIGH https://issues.jboss.org/browse/JWS-219
generic_textual HIGH https://issues.jboss.org/browse/JWS-220
generic_textual HIGH https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2014-0230
generic_textual HIGH http://svn.apache.org/viewvc?view=revision&revision=1603770
generic_textual HIGH http://svn.apache.org/viewvc?view=revision&revision=1603775
generic_textual HIGH http://svn.apache.org/viewvc?view=revision&revision=1603779
generic_textual HIGH http://tomcat.apache.org/security-6.html
generic_textual HIGH http://tomcat.apache.org/security-7.html
generic_textual HIGH http://tomcat.apache.org/security-8.html
generic_textual HIGH http://www.debian.org/security/2016/dsa-3447
generic_textual HIGH http://www.debian.org/security/2016/dsa-3530
generic_textual HIGH http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
generic_textual HIGH http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
generic_textual HIGH http://www.ubuntu.com/usn/USN-2654-1
generic_textual HIGH http://www.ubuntu.com/usn/USN-2655-1
Reference id Reference type URL
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E
http://marc.info/?l=bugtraq&m=144498216801440&w=2
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://openwall.com/lists/oss-security/2015/04/10/1
http://rhn.redhat.com/errata/RHSA-2015-1622.html
http://rhn.redhat.com/errata/RHSA-2016-0595.html
http://rhn.redhat.com/errata/RHSA-2016-0596.html
http://rhn.redhat.com/errata/RHSA-2016-0597.html
http://rhn.redhat.com/errata/RHSA-2016-0598.html
https://access.redhat.com/errata/RHSA-2015:2659
https://access.redhat.com/errata/RHSA-2015:2660
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0230.json
https://api.first.org/data/v1/epss?cve=CVE-2014-0230
https://github.com/apache/tomcat
https://github.com/apache/tomcat70/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1
https://github.com/apache/tomcat/commit/6b2cfacf749be186ea77249a979af1d4863e47ba
https://github.com/apache/tomcat/commit/812088583d0e60717a8fe9c6d14e12bcdc3e6c51
https://github.com/apache/tomcat/commit/b1c8477e3e3ee635d19cc4d5987c2b157431e0c1
https://github.com/apache/tomcat/commit/c1357e649641844109711d60cacb98e4b5fcd3cb
https://github.com/apache/tomcat/commit/e28dd578fad90a6d5726ec34f3245c9f99d909a5
https://github.com/apache/tomcat/commit/e3146f4b03a2386c3e57597e86134d4ed5c31303
https://github.com/apache/tomcat/commit/fc049912464f0dcf9dede3761f38049369057e16
https://github.com/apache/tomcat/commit/fdd9f11dc24b95e5425076abb58e968336f320a2
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://issues.jboss.org/browse/JWS-219
https://issues.jboss.org/browse/JWS-220
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E
https://svn.apache.org/viewvc?view=rev&rev=1603770
https://svn.apache.org/viewvc?view=rev&rev=1603775
https://svn.apache.org/viewvc?view=rev&rev=1603779
https://svn.apache.org/viewvc?view=rev&rev=1603781
https://svn.apache.org/viewvc?view=rev&rev=1603811
https://svn.apache.org/viewvc?view=rev&rev=1609175
https://svn.apache.org/viewvc?view=rev&rev=1609176
https://svn.apache.org/viewvc?view=rev&rev=1659294
https://svn.apache.org/viewvc?view=rev&rev=1659295
https://svn.apache.org/viewvc?view=rev&rev=1659537
http://svn.apache.org/viewvc?view=revision&revision=1603770
http://svn.apache.org/viewvc?view=revision&revision=1603775
http://svn.apache.org/viewvc?view=revision&revision=1603779
http://tomcat.apache.org/security-6.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-8.html
http://www.debian.org/security/2016/dsa-3447
http://www.debian.org/security/2016/dsa-3530
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.ubuntu.com/usn/USN-2654-1
http://www.ubuntu.com/usn/USN-2655-1
1191200 https://bugzilla.redhat.com/show_bug.cgi?id=1191200
CVE-2014-0230 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0230
CVE-2014-0230 https://nvd.nist.gov/vuln/detail/CVE-2014-0230
GHSA-pxcx-cxq8-4mmw https://github.com/advisories/GHSA-pxcx-cxq8-4mmw
RHSA-2015:1621 https://access.redhat.com/errata/RHSA-2015:1621
RHSA-2015:1622 https://access.redhat.com/errata/RHSA-2015:1622
RHSA-2015:2661 https://access.redhat.com/errata/RHSA-2015:2661
RHSA-2016:0595 https://access.redhat.com/errata/RHSA-2016:0595
RHSA-2016:0596 https://access.redhat.com/errata/RHSA-2016:0596
RHSA-2016:0597 https://access.redhat.com/errata/RHSA-2016:0597
RHSA-2016:0598 https://access.redhat.com/errata/RHSA-2016:0598
RHSA-2016:0599 https://access.redhat.com/errata/RHSA-2016:0599
RHSA-2016:2599 https://access.redhat.com/errata/RHSA-2016:2599
USN-2654-1 https://usn.ubuntu.com/2654-1/
USN-2655-1 https://usn.ubuntu.com/2655-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.86843
EPSS Score 0.03099
Published At April 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:13.080455+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-8.html 38.0.0