4.3

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2014-0099

CVE-2014-0099: Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2014-0099

CVE-2014-0099:

4.3

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.tomcat:tomcat	maven	< 6.0.40	6.0.40
org.apache.tomcat:tomcat	maven	>= 7.0.0, < 7.0.54	7.0.54
org.apache.tomcat:tomcat	maven	>= 8.0.0, < 8.0.6	8.0.6

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit diff shows critical changes to the parseLong method in Ascii.java, introducing overflow checks using OVERFLOW_LIMIT. The CVE description explicitly references improper Content-Length handling in this file, and the added test cases validate() overflow scenarios. The pre-patch code used unsafe 'm = n*10 + c' without proper overflow validation, making this function the clear vulnerability source.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

4.3

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2014-0099: Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

CVE-2014-0099:

4.3

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

4.3

4.3

Technical Details

Basic Information

Basic Information

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2014-0099: Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI