Vulnerability details: VCID-74gj-w1me-aaaj
Vulnerability ID VCID-74gj-w1me-aaaj
Aliases CVE-2014-0095
GHSA-wf5v-jhxj-q632
Summary java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (5)
System Score Found at
epss 0.03029 https://api.first.org/data/v1/epss?cve=CVE-2014-0095
epss 0.10655 https://api.first.org/data/v1/epss?cve=CVE-2014-0095
epss 0.13063 https://api.first.org/data/v1/epss?cve=CVE-2014-0095
epss 0.18532 https://api.first.org/data/v1/epss?cve=CVE-2014-0095
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1103804
apache_tomcat Important https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0095
generic_textual MODERATE http://seclists.org/fulldisclosure/2014/May/134
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-wf5v-jhxj-q632
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
generic_textual MODERATE https://github.com/apache/tomcat80/commit/77590c897f0e542fe363d70efdf3b82209510aee
generic_textual MODERATE https://github.com/apache/tomcat/commit/8884dae60ace77a87ed9385442ce429e98c3a479
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2014-0095
generic_textual MODERATE http://svn.apache.org/viewvc?view=revision&revision=1578392
generic_textual MODERATE https://web.archive.org/web/20140713043210/http://www.securitytracker.com/id/1030300
generic_textual MODERATE https://web.archive.org/web/20141126170141/http://www.securityfocus.com/bid/67673
generic_textual MODERATE https://web.archive.org/web/20151017043748/http://secunia.com/advisories/60729
generic_textual MODERATE https://web.archive.org/web/20161024215453/http://secunia.com/advisories/59873
cvssv3.1 9.8 http://tomcat.apache.org/security-8.html
generic_textual CRITICAL http://tomcat.apache.org/security-8.html
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg21678231
generic_textual MODERATE http://www-01.ibm.com/support/docview.wss?uid=swg21681528
generic_textual MODERATE http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0095.json
https://api.first.org/data/v1/epss?cve=CVE-2014-0095
http://seclists.org/fulldisclosure/2014/May/134
http://secunia.com/advisories/59873
http://secunia.com/advisories/60729
https://github.com/apache/tomcat
https://github.com/apache/tomcat80/commit/77590c897f0e542fe363d70efdf3b82209510aee
https://github.com/apache/tomcat/commit/8884dae60ace77a87ed9385442ce429e98c3a479
https://svn.apache.org/viewvc?view=rev&rev=1578392
http://svn.apache.org/viewvc?view=revision&revision=1578392
https://web.archive.org/web/20140713043210/http://www.securitytracker.com/id/1030300
https://web.archive.org/web/20141126170141/http://www.securityfocus.com/bid/67673
https://web.archive.org/web/20151017043748/http://secunia.com/advisories/60729
https://web.archive.org/web/20161024215453/http://secunia.com/advisories/59873
http://tomcat.apache.org/security-8.html
http://www-01.ibm.com/support/docview.wss?uid=swg21678231
http://www-01.ibm.com/support/docview.wss?uid=swg21681528
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://www.securityfocus.com/bid/67673
http://www.securitytracker.com/id/1030300
1103804 https://bugzilla.redhat.com/show_bug.cgi?id=1103804
cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
CVE-2014-0095 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0095
CVE-2014-0095 https://nvd.nist.gov/vuln/detail/CVE-2014-0095
GHSA-wf5v-jhxj-q632 https://github.com/advisories/GHSA-wf5v-jhxj-q632
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/apache/tomcat
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): none
Integrity Impact (I): none
Availability Impact (A): high

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2014-0095
Access Vector (AV): network
Access Complexity (AC): low
Authentication (Au): none
Confidentiality Impact (C): none
Integrity Impact (I): none
Availability Impact (A): partial

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://tomcat.apache.org/security-8.html
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Exploit Prediction Scoring System (EPSS)
Percentile 0.91218
EPSS Score 0.03029
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.