Moderate severityNVD Advisory· Published May 31, 2014· Updated Jun 17, 2026
CVE-2014-0095
CVE-2014-0095
Description
java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tomcat:tomcat-coyoteMaven | >= 8.0.0-RC1, < 8.0.4 | 8.0.4 |
org.apache.tomcat.embed:tomcat-embed-coreMaven | >= 8.0.0-RC1, < 8.0.4 | 8.0.4 |
Affected products
8cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
- ghsa-coords2 versions
>= 8.0.0-RC1, < 8.0.4+ 1 more
- (no CPE)range: >= 8.0.0-RC1, < 8.0.4
- (no CPE)range: >= 8.0.0-RC1, < 8.0.4
Patches
Vulnerability mechanics
References
18- svn.apache.org/viewvcnvdPatchWEB
- tomcat.apache.org/security-8.htmlnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-wf5v-jhxj-q632ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-0095ghsaADVISORY
- seclists.org/fulldisclosure/2014/May/134nvdWEB
- www-01.ibm.com/support/docview.wssnvdWEB
- www-01.ibm.com/support/docview.wssnvdWEB
- www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlnvdWEB
- github.com/apache/tomcat/commit/8884dae60ace77a87ed9385442ce429e98c3a479ghsaWEB
- github.com/apache/tomcat80/commit/77590c897f0e542fe363d70efdf3b82209510aeeghsaWEB
- web.archive.org/web/20140713043210/http://www.securitytracker.com/id/1030300ghsaWEB
- web.archive.org/web/20141126170141/http://www.securityfocus.com/bid/67673ghsaWEB
- web.archive.org/web/20151017043748/http://secunia.com/advisories/60729ghsaWEB
- web.archive.org/web/20161024215453/http://secunia.com/advisories/59873ghsaWEB
- secunia.com/advisories/59873nvd
- secunia.com/advisories/60729nvd
- www.securityfocus.com/bid/67673nvd
- www.securitytracker.com/id/1030300nvd
News mentions
0No linked articles in our index yet.