CVE-2014-0230 [High] | Denial of Service in Tomcat

CVE-2014-0230 is rated High Risk (70.2/100): CVSS High severity, with high exploitation likelihood (EPSS 20.32%, 97th percentile). EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +17.22% over the last day, indicating growing attacker interest. High exploitation likelihood—assess exposure and prioritize remediation.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	3.10%	20.32%	+17.22%
2	2026-04-29	4.53%	3.10%	-1.43%
3	2026-04-22	—	4.53%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

3.10%

20.32%

+17.22%

2026-04-29

4.53%

3.10%

-1.43%

2026-04-22

—

4.53%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.8	2.0	HIGH	`AV:N/AC:L/Au:N/C:N/I:N/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:C) Complete availability impact.	10.0	6.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.8

2.0

HIGH

AV:N/AC:L/Au:N/C:N/I:N/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:C): Complete availability impact.

10.0

6.9

[email protected]

OS Trackers for CVE-2014-0230

vendor	priority	summary	link
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2014-0230
`ubuntu`	low	CVE-2014-0230 low priority: Ubuntu including 3 source packages (tomcat6, tomcat7, tomcat8), 36 status rows across 12 suites (artful, bionic, lucid, precise, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): not-affected 16, DNE 8, ignored 5, released 4, needed 3.	https://ubuntu.com/security/CVE-2014-0230

Affected software / configurations for CVE-2014-0230

Vendor	Product	Version	Raw CPE
apache	tomcat	6.0.0	cpe:2.3:a:apache:tomcat:6.0.0:::::::*
apache	tomcat	6.0.0	cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
apache	tomcat	6.0.1	cpe:2.3:a:apache:tomcat:6.0.1:::::::*
apache	tomcat	6.0.1	cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
apache	tomcat	6.0.2	cpe:2.3:a:apache:tomcat:6.0.2:::::::*
apache	tomcat	6.0.2	cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
apache	tomcat	6.0.2	cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
apache	tomcat	6.0.3	cpe:2.3:a:apache:tomcat:6.0.3:::::::*
apache	tomcat	6.0.4	cpe:2.3:a:apache:tomcat:6.0.4:::::::*
apache	tomcat	6.0.4	cpe:2.3:a:apache:tomcat:6.0.4:alpha::::::
apache	tomcat	6.0.5	cpe:2.3:a:apache:tomcat:6.0.5:::::::*
apache	tomcat	6.0.6	cpe:2.3:a:apache:tomcat:6.0.6:::::::*
apache	tomcat	6.0.6	cpe:2.3:a:apache:tomcat:6.0.6:alpha::::::
apache	tomcat	6.0.7	cpe:2.3:a:apache:tomcat:6.0.7:::::::*
apache	tomcat	6.0.7	cpe:2.3:a:apache:tomcat:6.0.7:alpha::::::
apache	tomcat	6.0.7	cpe:2.3:a:apache:tomcat:6.0.7:beta::::::
apache	tomcat	6.0.8	cpe:2.3:a:apache:tomcat:6.0.8:::::::*
apache	tomcat	6.0.8	cpe:2.3:a:apache:tomcat:6.0.8:alpha::::::
apache	tomcat	6.0.9	cpe:2.3:a:apache:tomcat:6.0.9:::::::*
apache	tomcat	6.0.9	cpe:2.3:a:apache:tomcat:6.0.9:beta::::::
apache	tomcat	6.0.10	cpe:2.3:a:apache:tomcat:6.0.10:::::::*
apache	tomcat	6.0.11	cpe:2.3:a:apache:tomcat:6.0.11:::::::*
apache	tomcat	6.0.12	cpe:2.3:a:apache:tomcat:6.0.12:::::::*
apache	tomcat	6.0.13	cpe:2.3:a:apache:tomcat:6.0.13:::::::*
apache	tomcat	6.0.14	cpe:2.3:a:apache:tomcat:6.0.14:::::::*
apache	tomcat	6.0.15	cpe:2.3:a:apache:tomcat:6.0.15:::::::*
apache	tomcat	6.0.16	cpe:2.3:a:apache:tomcat:6.0.16:::::::*
apache	tomcat	6.0.17	cpe:2.3:a:apache:tomcat:6.0.17:::::::*
apache	tomcat	6.0.18	cpe:2.3:a:apache:tomcat:6.0.18:::::::*
apache	tomcat	6.0.19	cpe:2.3:a:apache:tomcat:6.0.19:::::::*
apache	tomcat	6.0.20	cpe:2.3:a:apache:tomcat:6.0.20:::::::*
apache	tomcat	6.0.24	cpe:2.3:a:apache:tomcat:6.0.24:::::::*
apache	tomcat	6.0.26	cpe:2.3:a:apache:tomcat:6.0.26:::::::*
apache	tomcat	6.0.27	cpe:2.3:a:apache:tomcat:6.0.27:::::::*
apache	tomcat	6.0.28	cpe:2.3:a:apache:tomcat:6.0.28:::::::*
apache	tomcat	6.0.29	cpe:2.3:a:apache:tomcat:6.0.29:::::::*
apache	tomcat	6.0.30	cpe:2.3:a:apache:tomcat:6.0.30:::::::*
apache	tomcat	6.0.31	cpe:2.3:a:apache:tomcat:6.0.31:::::::*
apache	tomcat	6.0.32	cpe:2.3:a:apache:tomcat:6.0.32:::::::*
apache	tomcat	6.0.33	cpe:2.3:a:apache:tomcat:6.0.33:::::::*
apache	tomcat	6.0.35	cpe:2.3:a:apache:tomcat:6.0.35:::::::*
apache	tomcat	6.0.36	cpe:2.3:a:apache:tomcat:6.0.36:::::::*
apache	tomcat	6.0.37	cpe:2.3:a:apache:tomcat:6.0.37:::::::*
apache	tomcat	6.0.39	cpe:2.3:a:apache:tomcat:6.0.39:::::::*
apache	tomcat	6.0.41	cpe:2.3:a:apache:tomcat:6.0.41:::::::*
apache	tomcat	6.0.43	cpe:2.3:a:apache:tomcat:6.0.43:::::::*
apache	tomcat	7.0.0	cpe:2.3:a:apache:tomcat:7.0.0:::::::*
apache	tomcat	7.0.0	cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
apache	tomcat	7.0.1	cpe:2.3:a:apache:tomcat:7.0.1:::::::*
apache	tomcat	7.0.2	cpe:2.3:a:apache:tomcat:7.0.2:::::::*
apache	tomcat	7.0.2	cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
apache	tomcat	7.0.3	cpe:2.3:a:apache:tomcat:7.0.3:::::::*
apache	tomcat	7.0.4	cpe:2.3:a:apache:tomcat:7.0.4:::::::*
apache	tomcat	7.0.4	cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
apache	tomcat	7.0.5	cpe:2.3:a:apache:tomcat:7.0.5:::::::*
apache	tomcat	7.0.6	cpe:2.3:a:apache:tomcat:7.0.6:::::::*
apache	tomcat	7.0.7	cpe:2.3:a:apache:tomcat:7.0.7:::::::*
apache	tomcat	7.0.8	cpe:2.3:a:apache:tomcat:7.0.8:::::::*
apache	tomcat	7.0.9	cpe:2.3:a:apache:tomcat:7.0.9:::::::*
apache	tomcat	7.0.10	cpe:2.3:a:apache:tomcat:7.0.10:::::::*
apache	tomcat	7.0.11	cpe:2.3:a:apache:tomcat:7.0.11:::::::*
apache	tomcat	7.0.12	cpe:2.3:a:apache:tomcat:7.0.12:::::::*
apache	tomcat	7.0.13	cpe:2.3:a:apache:tomcat:7.0.13:::::::*
apache	tomcat	7.0.14	cpe:2.3:a:apache:tomcat:7.0.14:::::::*
apache	tomcat	7.0.15	cpe:2.3:a:apache:tomcat:7.0.15:::::::*
apache	tomcat	7.0.16	cpe:2.3:a:apache:tomcat:7.0.16:::::::*
apache	tomcat	7.0.17	cpe:2.3:a:apache:tomcat:7.0.17:::::::*
apache	tomcat	7.0.18	cpe:2.3:a:apache:tomcat:7.0.18:::::::*
apache	tomcat	7.0.19	cpe:2.3:a:apache:tomcat:7.0.19:::::::*
apache	tomcat	7.0.20	cpe:2.3:a:apache:tomcat:7.0.20:::::::*
apache	tomcat	7.0.21	cpe:2.3:a:apache:tomcat:7.0.21:::::::*
apache	tomcat	7.0.22	cpe:2.3:a:apache:tomcat:7.0.22:::::::*
apache	tomcat	7.0.23	cpe:2.3:a:apache:tomcat:7.0.23:::::::*
apache	tomcat	7.0.24	cpe:2.3:a:apache:tomcat:7.0.24:::::::*
apache	tomcat	7.0.25	cpe:2.3:a:apache:tomcat:7.0.25:::::::*
apache	tomcat	7.0.26	cpe:2.3:a:apache:tomcat:7.0.26:::::::*
apache	tomcat	7.0.27	cpe:2.3:a:apache:tomcat:7.0.27:::::::*
apache	tomcat	7.0.28	cpe:2.3:a:apache:tomcat:7.0.28:::::::*
apache	tomcat	7.0.29	cpe:2.3:a:apache:tomcat:7.0.29:::::::*
apache	tomcat	7.0.30	cpe:2.3:a:apache:tomcat:7.0.30:::::::*

References for CVE-2014-0230

URL	Tags
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201505.mbox/%3C554949D1.8030904%40apache.org%3E	Vendor Advisory
http://marc.info/?l=bugtraq&m=144498216801440&w=2
http://marc.info/?l=bugtraq&m=145974991225029&w=2
http://openwall.com/lists/oss-security/2015/04/10/1
http://rhn.redhat.com/errata/RHSA-2015-1621.html
http://rhn.redhat.com/errata/RHSA-2015-1622.html
http://rhn.redhat.com/errata/RHSA-2015-2661.html
http://rhn.redhat.com/errata/RHSA-2016-0595.html
http://rhn.redhat.com/errata/RHSA-2016-0596.html
http://rhn.redhat.com/errata/RHSA-2016-0597.html
http://rhn.redhat.com/errata/RHSA-2016-0598.html
http://rhn.redhat.com/errata/RHSA-2016-0599.html
http://svn.apache.org/viewvc?view=revision&revision=1603770
http://svn.apache.org/viewvc?view=revision&revision=1603775
http://svn.apache.org/viewvc?view=revision&revision=1603779
http://tomcat.apache.org/security-6.html	Patch Vendor Advisory
http://tomcat.apache.org/security-7.html	Patch Vendor Advisory
http://tomcat.apache.org/security-8.html	Patch Vendor Advisory
http://www.debian.org/security/2016/dsa-3447
http://www.debian.org/security/2016/dsa-3530
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
http://www.securityfocus.com/bid/74475
http://www.ubuntu.com/usn/USN-2654-1
http://www.ubuntu.com/usn/USN-2655-1
https://access.redhat.com/errata/RHSA-2015:2659
https://access.redhat.com/errata/RHSA-2015:2660
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05054964
https://issues.jboss.org/browse/JWS-219
https://issues.jboss.org/browse/JWS-220
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E

URL

CVE-2014-0230

Exploit prediction scoring system (EPSS) score for CVE-2014-0230

Common vulnerability scoring system (CVSS) metrics for CVE-2014-0230

Weakness enumeration for CVE-2014-0230

GitHub Security Advisory for CVE-2014-0230

OS Trackers for CVE-2014-0230

Affected software / configurations for CVE-2014-0230

References for CVE-2014-0230