Bug 1109196 (CVE-2014-0227)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2014-0227 Tomcat/JBossWeb: request smuggling and limited DoS in ChunkedInputFilter | | |
| Product: | [Other] Security Response | Reporter: | Arun Babu Neelicattu <aneelica> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | bdawidow, cdewolf, chazlett, darran.lofthouse, grocha, jawilson, jclere, jcoleman, jdoyle, jpallich, kconner, kejohnso, lgao, mbabacek, mjc, mweiler, myarboro, pgier, pslavice, rsvoboda, security-response-team, slaskawi, spinder, theute, tkirby, ttarrant, vtunka, weli |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | JBossWeb 7.4.6.Final, Tomcat 7.0.55, Tomcat 6.0.43 | Doc Type: | Bug Fix |
| Doc Text: | It was discovered that the ChunkedInputFilter in Tomcat did not fail subsequent attempts to read input after malformed chunked encoding was detected. A remote attacker could possibly use this flaw to make Tomcat process part of the request body as a new request, or cause a denial of service. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2019-06-08 02:33:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1109208, 1109199, 1109200, 1109201, 1109202, 1109203, 1109204, 1109205, 1109206, 1109207, 1109209, 1109210, 1109211, 1109212, 1109213, 1109216, 1109217, 1109218, 1109219, 1109220, 1109221, 1109223, 1109225, 1109226, 1109227, 1109228, 1109229, 1160690, 1190821 | | |
| Bug Blocks: | 1082938, 1119820, 1119823, 1127901, 1181883, 1182400, 1182419, 1200191 | | |
Description
Arun Babu Neelicattu
2014-06-13 12:55:29 UTC
Upstream Fix:
Tomcat: http://svn.apache.org/viewvc?view=revision&revision=1600984
JBossWeb: https://source.jboss.org/changelog/JBossWeb?cs=2455

Upstream fix for Tomcat 6: https://svn.apache.org/viewvc?view=revision&revision=1603628
Upstream fix for Tomcat 7: https://svn.apache.org/viewvc?view=revision&revision=1601333

External References:
https://tomcat.apache.org/security-6.html#Fixed_in_Apache_Tomcat_6.0.43
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.55

Created tomcat tracking bugs for this issue:

Affects: fedora-all [bug 1190821]

This issue has been addressed in the following products:

  Red Hat JBoss BRMS 6.0.3

Via RHSA-2015:0235 https://rhn.redhat.com/errata/RHSA-2015-0235.html

This issue has been addressed in the following products:

  Red Hat JBoss BPM Suite 6.0.3

Via RHSA-2015:0234 https://rhn.redhat.com/errata/RHSA-2015-0234.html

tomcat-7.0.59-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

Tomcat upstream advisories (see comment 18 above) point out additional impact - request smuggling. Tomcat may read the next request from the malformed chunked request body, rather than aborting the connection as soon as the first encoding issue is detected. Upstream does not indicate where this may have practical impact, as Tomcat accepts multiple requests pipelined in a single connection. It seems this may have impact in deployments where Tomcat is accessed via a reverse proxy that only exposes certain paths / web applications. This may possibly allow bypass of proxy restrictions and allow access to URLs not exposed by the proxy. However, this attack would require the proxy to allow malformed requests to be passed to Tomcat.

This issue has been addressed in the following products:

  JBoss Data Virtualization 6.1.0

Via RHSA-2015:0675 https://rhn.redhat.com/errata/RHSA-2015-0675.html

This issue has been addressed in the following products:

  Red Hat JBoss Fuse Service Works 6.0.0

Via RHSA-2015:0720 https://rhn.redhat.com/errata/RHSA-2015-0720.html

This issue has been addressed in the following products:

  Red Hat JBoss Data Virtualization 6.0.0

Via RHSA-2015:0765 https://rhn.redhat.com/errata/RHSA-2015-0765.html

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:0983 https://rhn.redhat.com/errata/RHSA-2015-0983.html

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2015:0991 https://rhn.redhat.com/errata/RHSA-2015-0991.html

This issue has been addressed in the following products:

  JBoss Portal 6.2.0

Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html
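As an added illustration (not code from Tomcat, JBossWeb or this bug report), the following minimal Python chunked-body decoder applies the behaviour the upstream fix restores: once a malformed chunk is detected, the error flag is sticky and every later read fails, so the bytes that follow the bad chunk can never be parsed as a follow-on request. The class, names and all sample input are this example's own constructions.

```python
class MalformedChunkedEncoding(Exception):
    pass

class ChunkedDecoder:
    """Decodes a chunked request body from an in-memory byte buffer (no sockets)."""

    def __init__(self, data: bytes):
        self.buf, self.pos, self.eof = data, 0, False
        self.error = False  # sticky error flag: the essence of the CVE-2014-0227 fix

    def _read_line(self) -> bytes:
        end = self.buf.find(b"\r\n", self.pos)
        if end < 0:
            raise MalformedChunkedEncoding("line not terminated by CRLF")
        line, self.pos = self.buf[self.pos:end], end + 2
        return line

    def read_chunk(self) -> bytes:
        """Return the next chunk payload, or b'' once the 0-size chunk has been read."""
        if self.error:
            # Before the fix a reader could continue past a bad chunk and treat the
            # remaining bytes as a new request; after it every later read fails.
            raise MalformedChunkedEncoding("stream already in error state")
        if self.eof:
            return b""
        try:
            token = self._read_line().split(b";", 1)[0].strip()
            if not 0 < len(token) <= 8 or any(c not in b"0123456789abcdefABCDEF" for c in token):
                raise MalformedChunkedEncoding("invalid chunk-size line: %r" % token)
            size = int(token, 16)
            if size == 0:
                while self._read_line():  # skip trailer headers up to the blank line
                    pass
                self.eof = True
                return b""
            end = self.pos + size
            if self.buf[end:end + 2] != b"\r\n":
                raise MalformedChunkedEncoding("chunk data truncated or not CRLF-terminated")
            payload, self.pos = self.buf[self.pos:end], end + 2
            return payload
        except MalformedChunkedEncoding:
            self.error = True  # never cleared: later reads must fail, not resync
            raise

def decode_body(data: bytes) -> bytes:
    """Decode a whole body; raises on the first malformed chunk and never resyncs."""
    dec, out = ChunkedDecoder(data), b""
    while chunk := dec.read_chunk():
        out += chunk
    return out
```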