VDB

RHSA-2014%3A0345

RHSA-2014%3A0345 PUBLISHED CVSS 5.800000190734863 MEDIUM

It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests.

Risk Scores

CVSS 2.0
5.800000190734863

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Enterprise Application Platform 6.2

Timeline

  • Mar 31, 2014 CVE Published
  • Jan 28, 2026 CVE Updated
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Distribution Patch
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
  • Apr 29, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›