CVE-2014-0095

medium Apache
CVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Score
9.7%
Exploitation probability in 30 days
Top 7% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
P
Published: May 31, 2014 (4367 days ago)
Last Modified: May 6, 2026
Vendor: Apache
Source: NVD

Description

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.

CWE

CWE-20

Affected Products

apache tomcat

References

🔗 seclists.org 🔗 secunia.com 🔗 secunia.com 🔗 svn.apache.org 🔗 tomcat.apache.org