You are here

Home › Apache Tomcat DoS and request smuggling

Apache Tomcat DoS and request smuggling

Submitted on 18. June 2014 - 14:33 by rischi.
Last update on 18. June 2014 - 16:52.
IDs: 
CVE-2014-0075, CVE-2014-0095, CVE-2014-0099
Keywords: 
Tomcat, DoS, request smuggling
Description: 

The following Apache Tomcat vulnerabilities have been reported. Airlock is not affected and protects vulnerable back-ends.

CVE-2014-0095 (Apache Tomcat 8.x before 8.0.4)
The vulnerability affects the Apache Tomcat Connector AJP (Apache JServ Protocol). Airlock is not affected because Apache Tomcat version 8 is not used. Back-ends are not affected because Airlock does not support AJP for back-end connections.

CVE-2014-0099 (Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4)
By injecting an overlong content-length header which causes an integer overflow in Tomcat, an attacker can conduct a request smuggling attack to an Apache Tomcat behind a reverse proxy/WAF. Airlock is not affected because the content-length header value is limited by default to 100MB in Airlock 5 and 1GB in Airlock 4.2 (Mapping -> Allow Rules -> Length Check -> Max. request body size). These values prevent the integer overflow attack in Apache Tomcat.

CVE-2014-0075 (Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4)

An attacker can conduct a denial of service (DoS) attack via malformed chunk sizes in chunked transfer encoding of a request. Airlock is not affected and protects back-ends by rebuilding a clean HTTP request with correct chunk sizes.

Resolution: 

No action required

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
Does not affect back-end behind Airlock
Reference: 
Apache Tomcat 7.x vulnerabilities
© Ergon Informatik AG