VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-2sr7-c3j5-cfhg

Essentials
Severities (24)
References (24)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2sr7-c3j5-cfhg
Aliases	CVE-2014-0095 GHSA-wf5v-jhxj-q632
Summary	java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-20	Improper Input Validation
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-130	Improper Handling of Length Parameter Inconsistency
CWE-835	Loop with Unreachable Exit Condition ('Infinite Loop')

System	Score	Found at
epss	0.09656	https://api.first.org/data/v1/epss?cve=CVE-2014-0095
epss	0.09656	https://api.first.org/data/v1/epss?cve=CVE-2014-0095
epss	0.09656	https://api.first.org/data/v1/epss?cve=CVE-2014-0095
epss	0.09656	https://api.first.org/data/v1/epss?cve=CVE-2014-0095
epss	0.09656	https://api.first.org/data/v1/epss?cve=CVE-2014-0095
epss	0.09656	https://api.first.org/data/v1/epss?cve=CVE-2014-0095
epss	0.09656	https://api.first.org/data/v1/epss?cve=CVE-2014-0095
epss	0.09656	https://api.first.org/data/v1/epss?cve=CVE-2014-0095
apache_tomcat	Important	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0095
generic_textual	MODERATE	http://seclists.org/fulldisclosure/2014/May/134
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-wf5v-jhxj-q632
generic_textual	MODERATE	https://github.com/apache/tomcat
generic_textual	MODERATE	https://github.com/apache/tomcat80/commit/77590c897f0e542fe363d70efdf3b82209510aee
generic_textual	MODERATE	https://github.com/apache/tomcat/commit/8884dae60ace77a87ed9385442ce429e98c3a479
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-0095
generic_textual	MODERATE	http://svn.apache.org/viewvc?view=revision&revision=1578392
generic_textual	MODERATE	https://web.archive.org/web/20140713043210/http://www.securitytracker.com/id/1030300
generic_textual	MODERATE	https://web.archive.org/web/20141126170141/http://www.securityfocus.com/bid/67673
generic_textual	MODERATE	https://web.archive.org/web/20151017043748/http://secunia.com/advisories/60729
generic_textual	MODERATE	https://web.archive.org/web/20161024215453/http://secunia.com/advisories/59873
generic_textual	MODERATE	http://tomcat.apache.org/security-8.html
generic_textual	MODERATE	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
generic_textual	MODERATE	http://www-01.ibm.com/support/docview.wss?uid=swg21681528
generic_textual	MODERATE	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0095.json
		https://api.first.org/data/v1/epss?cve=CVE-2014-0095
		http://seclists.org/fulldisclosure/2014/May/134
		http://secunia.com/advisories/59873
		http://secunia.com/advisories/60729
		https://github.com/apache/tomcat
		https://github.com/apache/tomcat80/commit/77590c897f0e542fe363d70efdf3b82209510aee
		https://github.com/apache/tomcat/commit/8884dae60ace77a87ed9385442ce429e98c3a479
		https://svn.apache.org/viewvc?view=rev&rev=1578392
		http://svn.apache.org/viewvc?view=revision&revision=1578392
		https://web.archive.org/web/20140713043210/http://www.securitytracker.com/id/1030300
		https://web.archive.org/web/20141126170141/http://www.securityfocus.com/bid/67673
		https://web.archive.org/web/20151017043748/http://secunia.com/advisories/60729
		https://web.archive.org/web/20161024215453/http://secunia.com/advisories/59873
		http://tomcat.apache.org/security-8.html
		http://www-01.ibm.com/support/docview.wss?uid=swg21678231
		http://www-01.ibm.com/support/docview.wss?uid=swg21681528
		http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
		http://www.securityfocus.com/bid/67673
		http://www.securitytracker.com/id/1030300
1103804		https://bugzilla.redhat.com/show_bug.cgi?id=1103804
CVE-2014-0095		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0095
CVE-2014-0095		https://nvd.nist.gov/vuln/detail/CVE-2014-0095
GHSA-wf5v-jhxj-q632		https://github.com/advisories/GHSA-wf5v-jhxj-q632

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.92874
EPSS Score	0.09656
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:38:13.188047+00:00	Apache Tomcat Importer	Import	https://tomcat.apache.org/security-8.html	38.0.0