Intrusion PreventionHTTP.Content-Length.Integer.Overflow
Description
This indicates an attack attempt to exploit a Information Disclosure vulnerability in Apache Tomcat.
The vulnerability is due to an error when vulnerable software handles a crafted HTTP request. A remote attacker may be able to exploit this to gain unauthorized access to sensitive information on the affected machines.
Affected Products
Apache Tomcat 8.0.0-RC1 to 8.0.3
Apache Tomcat 7.0.0 to 7.0.52
Apache Tomcat 6.0.0 to 6.0.39
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://tomcat.apache.org/download-80.cgi
http://tomcat.apache.org/download-70.cgi
http://tomcat.apache.org/download-60.cgi
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-10-27 | 22.423 | Name:HTTP. Content-Length. Integer. Overflow. Information. Disclosure:HTTP. Content-Length. Integer. Overflow |
| 2019-03-13 | 14.572 | Name:Apache. Tomcat. Integer. Overflow. Information. Disclosure:HTTP. Content-Length. Integer. Overflow. Information. Disclosure |
| ID | 38786 |
| Created | Apr 14, 2015 |
| Updated | Oct 26, 2022 |
| Risk |
|
| CVE ID | CVE-2019-7401 CVE-2014-0099 |
| Exploit Prediction Score | 1.44% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux |
| Affected App | Apache |