Lucene search

[email protected]CVE-2013-4322

HistoryFeb 26, 2014 - 2:55 p.m.

CVE-2013-4322

2014-02-2614:55:08

CWE-20

[email protected]

web.nvd.nist.gov

608

cve-2013-4322

apache tomcat

chunked transfer coding

denial of service

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

9.1 High

AI Score

Confidence

High

0.93 High

EPSS

Percentile

99.1%

JSON

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Affected configurations

NVD

Node

apachetomcatMatch7.0.0

apachetomcatMatch7.0.0beta

apachetomcatMatch7.0.1

apachetomcatMatch7.0.2

apachetomcatMatch7.0.2beta

apachetomcatMatch7.0.3

apachetomcatMatch7.0.4

apachetomcatMatch7.0.4beta

apachetomcatMatch7.0.10

apachetomcatMatch7.0.11

apachetomcatMatch7.0.12

apachetomcatMatch7.0.13

apachetomcatMatch7.0.14

apachetomcatMatch7.0.15

apachetomcatMatch7.0.16

apachetomcatMatch7.0.17

apachetomcatMatch7.0.18

apachetomcatMatch7.0.19

apachetomcatMatch7.0.20

apachetomcatMatch7.0.21

apachetomcatMatch7.0.22

apachetomcatMatch7.0.23

apachetomcatMatch7.0.24

apachetomcatMatch7.0.25

apachetomcatMatch7.0.26

apachetomcatMatch7.0.27

apachetomcatMatch7.0.28

apachetomcatMatch7.0.29

apachetomcatMatch7.0.30

apachetomcatMatch7.0.31

apachetomcatMatch7.0.32

apachetomcatMatch7.0.33

apachetomcatMatch7.0.34

apachetomcatMatch7.0.35

apachetomcatMatch7.0.36

apachetomcatMatch7.0.37

apachetomcatMatch7.0.38

apachetomcatMatch7.0.39

apachetomcatMatch7.0.40

apachetomcatMatch7.0.41

apachetomcatMatch7.0.42

apachetomcatMatch7.0.43

apachetomcatMatch7.0.44

apachetomcatMatch7.0.45

apachetomcatMatch7.0.46

apachetomcatMatch7.0.50

Node

apachetomcatRange≤6.0.37

apachetomcatMatch1.1.3

apachetomcatMatch3.0

apachetomcatMatch3.1

apachetomcatMatch3.1.1

apachetomcatMatch3.2

apachetomcatMatch3.2.1

apachetomcatMatch3.2.2

apachetomcatMatch3.2.2beta2

apachetomcatMatch3.2.3

apachetomcatMatch3.2.4

apachetomcatMatch3.3

apachetomcatMatch3.3.1

apachetomcatMatch3.3.1a

apachetomcatMatch3.3.2

apachetomcatMatch4

apachetomcatMatch4.0.0

apachetomcatMatch4.0.1

apachetomcatMatch4.0.2

apachetomcatMatch4.0.3

apachetomcatMatch4.0.4

apachetomcatMatch4.0.5

apachetomcatMatch4.0.6

apachetomcatMatch4.1.0

apachetomcatMatch4.1.1

apachetomcatMatch4.1.2

apachetomcatMatch4.1.3

apachetomcatMatch4.1.3beta

apachetomcatMatch4.1.9beta

apachetomcatMatch4.1.10

apachetomcatMatch4.1.12

apachetomcatMatch4.1.15

apachetomcatMatch4.1.24

apachetomcatMatch4.1.28

apachetomcatMatch4.1.29

apachetomcatMatch4.1.31

apachetomcatMatch4.1.36

apachetomcatMatch5

apachetomcatMatch5.0.0

apachetomcatMatch5.0.1

apachetomcatMatch5.0.2

apachetomcatMatch5.0.3

apachetomcatMatch5.0.4

apachetomcatMatch5.0.5

apachetomcatMatch5.0.6

apachetomcatMatch5.0.7

apachetomcatMatch5.0.8

apachetomcatMatch5.0.9

apachetomcatMatch5.0.10

apachetomcatMatch5.0.11

apachetomcatMatch5.0.12

apachetomcatMatch5.0.13

apachetomcatMatch5.0.14

apachetomcatMatch5.0.15

apachetomcatMatch5.0.16

apachetomcatMatch5.0.17

apachetomcatMatch5.0.18

apachetomcatMatch5.0.19

apachetomcatMatch5.0.21

apachetomcatMatch5.0.22

apachetomcatMatch5.0.23

apachetomcatMatch5.0.24

apachetomcatMatch5.0.25

apachetomcatMatch5.0.26

apachetomcatMatch5.0.27

apachetomcatMatch5.0.28

apachetomcatMatch5.0.29

apachetomcatMatch5.0.30

apachetomcatMatch5.5.0

apachetomcatMatch5.5.1

apachetomcatMatch5.5.2

apachetomcatMatch5.5.3

apachetomcatMatch5.5.4

apachetomcatMatch5.5.5

apachetomcatMatch5.5.6

apachetomcatMatch5.5.7

apachetomcatMatch5.5.8

apachetomcatMatch5.5.9

apachetomcatMatch5.5.10

apachetomcatMatch5.5.11

apachetomcatMatch5.5.12

apachetomcatMatch5.5.13

apachetomcatMatch5.5.14

apachetomcatMatch5.5.15

apachetomcatMatch5.5.16

apachetomcatMatch5.5.17

apachetomcatMatch5.5.18

apachetomcatMatch5.5.19

apachetomcatMatch5.5.20

apachetomcatMatch5.5.21

apachetomcatMatch5.5.22

apachetomcatMatch5.5.23

apachetomcatMatch5.5.24

apachetomcatMatch5.5.25

apachetomcatMatch5.5.26

apachetomcatMatch5.5.27

apachetomcatMatch5.5.28

apachetomcatMatch5.5.29

apachetomcatMatch5.5.30

apachetomcatMatch5.5.31

apachetomcatMatch5.5.32

apachetomcatMatch5.5.33

apachetomcatMatch5.5.34

apachetomcatMatch5.5.35

apachetomcatMatch6

apachetomcatMatch6.0

apachetomcatMatch6.0.0

apachetomcatMatch6.0.0alpha

apachetomcatMatch6.0.1

apachetomcatMatch6.0.1alpha

apachetomcatMatch6.0.2

apachetomcatMatch6.0.2alpha

apachetomcatMatch6.0.2beta

apachetomcatMatch6.0.3

apachetomcatMatch6.0.10

apachetomcatMatch6.0.11

apachetomcatMatch6.0.12

apachetomcatMatch6.0.13

apachetomcatMatch6.0.14

apachetomcatMatch6.0.15

apachetomcatMatch6.0.16

apachetomcatMatch6.0.17

apachetomcatMatch6.0.18

apachetomcatMatch6.0.19

apachetomcatMatch6.0.20

apachetomcatMatch6.0.24

apachetomcatMatch6.0.26

apachetomcatMatch6.0.27

apachetomcatMatch6.0.28

apachetomcatMatch6.0.29

apachetomcatMatch6.0.30

apachetomcatMatch6.0.31

apachetomcatMatch6.0.32

apachetomcatMatch6.0.33

apachetomcatMatch6.0.35

apachetomcatMatch6.0.36

Node

apachetomcatMatch8.0.0rc1

apachetomcatMatch8.0.0rc2

apachetomcatMatch8.0.0rc3

apachetomcatMatch8.0.0rc4

apachetomcatMatch8.0.0rc5

apachetomcatMatch8.0.0rc6

apachetomcatMatch8.0.0rc7

apachetomcatMatch8.0.0rc8

apachetomcatMatch8.0.0rc9

CPENameOperatorVersion
apache:tomcatapache tomcateq7.0.0
apache:tomcatapache tomcateq7.0.1
apache:tomcatapache tomcateq7.0.2
apache:tomcatapache tomcateq7.0.3
apache:tomcatapache tomcateq7.0.4
apache:tomcatapache tomcateq7.0.10
apache:tomcatapache tomcateq7.0.11
apache:tomcatapache tomcateq7.0.12
apache:tomcatapache tomcateq7.0.13
apache:tomcatapache tomcateq7.0.14

CPE	Name	Operator	Version
apache:tomcat	apache tomcat	eq	7.0.0
apache:tomcat	apache tomcat	eq	7.0.1
apache:tomcat	apache tomcat	eq	7.0.2
apache:tomcat	apache tomcat	eq	7.0.3
apache:tomcat	apache tomcat	eq	7.0.4
apache:tomcat	apache tomcat	eq	7.0.10
apache:tomcat	apache tomcat	eq	7.0.11
apache:tomcat	apache tomcat	eq	7.0.12
apache:tomcat	apache tomcat	eq	7.0.13
apache:tomcat	apache tomcat	eq	7.0.14

Rows per page:

1-10 of 431

References

advisories.mageia.org/MGASA-2014-0148.html

marc.info/?l=bugtraq&m=144498216801440&w=2

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/59036

secunia.com/advisories/59675

secunia.com/advisories/59722

secunia.com/advisories/59724

secunia.com/advisories/59873

svn.apache.org/viewvc?view=revision&revision=1521834

svn.apache.org/viewvc?view=revision&revision=1521864

svn.apache.org/viewvc?view=revision&revision=1549522

svn.apache.org/viewvc?view=revision&revision=1549523

svn.apache.org/viewvc?view=revision&revision=1556540

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

www-01.ibm.com/support/docview.wss?uid=swg21667883

www-01.ibm.com/support/docview.wss?uid=swg21675886

www-01.ibm.com/support/docview.wss?uid=swg21677147

www-01.ibm.com/support/docview.wss?uid=swg21678113

www-01.ibm.com/support/docview.wss?uid=swg21678231

www.debian.org/security/2016/dsa-3530

www.mandriva.com/security/advisories?name=MDVSA-2015:052

www.mandriva.com/security/advisories?name=MDVSA-2015:084

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/65767

www.ubuntu.com/usn/USN-2130-1

www.vmware.com/security/advisories/VMSA-2014-0008.html

www.vmware.com/security/advisories/VMSA-2014-0012.html

bugzilla.redhat.com/show_bug.cgi?id=1069905

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

rhn.redhat.com/errata/RHSA-2014-0686.html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

9.1 High

AI Score

Confidence

High

0.93 High

EPSS

Percentile

99.1%

JSON

CVE-2013-4322

Affected configurations

References

Related