CVE-2014-0186

A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request.  NOTE: this vulnerability exists because of an unspecified regression.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
redhatenterprise_linux
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tomcat7
lucid
dne
precise
not-affected
saucy
not-affected
trusty
not-affected
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
tomcat
RHEL 7
0:7.0.42-5.el7_0
fixed
tomcat-admin-webapps
RHEL 7
0:7.0.42-5.el7_0
fixed
tomcat-docs-webapp
RHEL 7
0:7.0.42-5.el7_0
fixed
tomcat-el-2.2-api
RHEL 7
0:7.0.42-5.el7_0
fixed
tomcat-javadoc
RHEL 7
0:7.0.42-5.el7_0
fixed
tomcat-jsp-2.2-api
RHEL 7
0:7.0.42-5.el7_0
fixed
tomcat-jsvc
RHEL 7
0:7.0.42-5.el7_0
fixed
tomcat-lib
RHEL 7
0:7.0.42-5.el7_0
fixed
tomcat-servlet-3.0-api
RHEL 7
0:7.0.42-5.el7_0
fixed
tomcat-webapps
RHEL 7
0:7.0.42-5.el7_0
fixed
References
http://www.osvdb.org/108060
https://bugzilla.redhat.com/show_bug.cgi?id=1089884
https://rhn.redhat.com/errata/RHSA-2014-0686.html
https://security-tracker.debian.org/tracker/CVE-2014-0186
http://www.osvdb.org/108060
https://bugzilla.redhat.com/show_bug.cgi?id=1089884
https://rhn.redhat.com/errata/RHSA-2014-0686.html
https://security-tracker.debian.org/tracker/CVE-2014-0186