VYPR
Moderate severityNVD Advisory· Published May 31, 2014· Updated Jun 17, 2026

CVE-2014-0095

CVE-2014-0095

Description

java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat 8.x before 8.0.4 allows remote attackers to cause a denial of service (thread consumption) by using a "Content-Length: 0" AJP request to trigger a hang in request processing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcat-coyoteMaven
>= 8.0.0-RC1, < 8.0.48.0.4
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 8.0.0-RC1, < 8.0.48.0.4

Affected products

8
  • Apache/Tomcat6 versions
    cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.0.0:rc10:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.0.0:rc5:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:tomcat:8.0.3:*:*:*:*:*:*:*
  • ghsa-coords2 versions
    >= 8.0.0-RC1, < 8.0.4+ 1 more
    • (no CPE)range: >= 8.0.0-RC1, < 8.0.4
    • (no CPE)range: >= 8.0.0-RC1, < 8.0.4

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.