CVE-2014-0075
Integer Overflow or Wraparound in Apache Tomcat
EPSS 46.7%
Description
Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
How to fix CVE-2014-0075
To remediate CVE-2014-0075, upgrade the affected package to a fixed version below.
- Maven/org.apache.tomcat:tomcat—upgrade to 6.0.40 or later
- —upgrade to 6.0.40 or later
Is CVE-2014-0075 being exploited?
Moderate — EPSS is 46.7%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- from 0, < 6.0.40
- from 0, < 6.0.40