CVE-2014-0227 Request Smuggling
Vendor: The Apache Software Foundation
- - Apache Tomcat 8.0.0-RC1 to 8.0.8
- - Apache Tomcat 7.0.0 to 7.0.54
- - Apache Tomcat 6.0.0 to 6.0.41
It was possible to craft a malformed chunk as part of a chucked request
that caused Tomcat to read part of the request body as a new request.
Users of affected versions should apply one of the following mitigations
- - Upgrade to Apache Tomcat 8.0.9 or later
- - Upgrade to Apache Tomcat 7.0.55 or later
- - Upgrade to Apache Tomcat 6.0.43 or later
(6.0.42 contains the fix but was not released)
This issue was identified by the Tomcat security team.