Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2897-1
HistoryApr 08, 2014 - 12:00 a.m.

tomcat7 - security update

2014-04-0800:00:00
Google
osv.dev
11

0.93 High

EPSS

Percentile

99.1%

JSON

Multiple security issues were found in the Tomcat servlet and JSP engine:

  • CVE-2013-2067
    FORM authentication associates the most recent request requiring
    authentication with the current session. By repeatedly sending a request
    for an authenticated resource while the victim is completing the login
    form, an attacker could inject a request that would be executed using the
    victim’s credentials.
  • CVE-2013-2071
    A runtime exception in AsyncListener.onComplete() prevents the request from
    being recycled. This may expose elements of a previous request to a current
    request.
  • CVE-2013-4286
    Reject requests with multiple content-length headers or with a content-length
    header when chunked encoding is being used.
  • CVE-2013-4322
    When processing a request submitted using the chunked transfer encoding,
    Tomcat ignored but did not limit any extensions that were included. This allows
    a client to perform a limited denial of service by streaming an unlimited amount
    of data to the server.
  • CVE-2014-0050
    Multipart requests with a malformed Content-Type header could trigger an
    infinite loop causing a denial of service.

For the stable distribution (wheezy), these problems have been fixed in
version 7.0.28-4+deb7u1.

For the testing distribution (jessie), these problems have been fixed in
version 7.0.52-1.

For the unstable distribution (sid), these problems have been fixed in
version 7.0.52-1.

We recommend that you upgrade your tomcat7 packages.

CPENameOperatorVersion
tomcat7eq7.0.28-4

Related

openvas 43
nessus 48
debian 1
amazon 2
redhat 13
centos 3
atlassian 5
ubuntu 2
securityvulns 7
oraclelinux 4
ibm 17
tomcat 5
prion 4
osv 4
cvelist 4
ubuntucve 4
nvd 4
debiancve 4
seebug 3
cve 4
github 3
mageia 5
fedora 4
gentoo 1
veracode 1
checkpoint_advisories 2
f5 1
exploitpack 1
openvas
openvas
Debian: Security Advisory (DSA-2897-1)
2014-04-07 00:00:00
Debian Security Advisory DSA 2897-1 (tomcat7 - security update)
2014-04-08 00:00:00
CentOS Update for tomcat6 CESA-2014:0429 centos6
2014-05-02 00:00:00
nessus
nessus
Debian DSA-2897-1 : tomcat7 - security update
2014-04-09 00:00:00
Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20140423)
2014-04-24 00:00:00
RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0526)
2014-06-26 00:00:00
debian
debian
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14
amazon
amazon
Medium: tomcat6
2014-05-21 10:45:00
Low: tomcat7
2013-05-24 13:55:00
redhat
redhat
(RHSA-2014:0527) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update
2014-05-21 15:31:56
(RHSA-2014:0429) Moderate: tomcat6 security update
2014-04-23 00:00:00
(RHSA-2014:0526) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update
2014-05-21 15:09:06
centos
centos
tomcat6 security update
2014-04-23 19:07:14
tomcat6 security update
2014-07-09 16:09:49
tomcat6 security update
2013-06-20 17:46:38
atlassian
atlassian
Upgrade bundled Tomcat due to security vulnerabilities
2013-05-21 04:29:40
Upgrade bundled Tomcat due to security vulnerabilities
2013-05-21 04:29:40
Upgrade bundled Tomcat to 6.0.37
2013-05-21 00:23:31
ubuntu
ubuntu
Tomcat vulnerabilities
2013-05-28 00:00:00
Tomcat vulnerabilities
2014-03-06 00:00:00
securityvulns
securityvulns
Apache Tomcat security vulnerabilities
2013-05-10 00:00:00
[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service)
2014-02-28 00:00:00
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
oraclelinux
oraclelinux
tomcat6 security update
2014-04-23 00:00:00
tomcat security update
2014-07-20 00:00:00
tomcat6 security update
2013-06-20 00:00:00
ibm
ibm
Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590)
2018-06-17 04:53:01
Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)
2018-06-17 22:31:44
Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Release (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)
2018-06-17 22:31:46
tomcat
tomcat
Fixed in Apache Tomcat 6.0.37
2013-05-03 00:00:00
Fixed in Apache Tomcat 7.0.50
2014-01-08 00:00:00
Fixed in Apache Tomcat 8.0.0-RC10
2013-12-26 00:00:00
prion
prion
Design/Logic Flaw
2014-02-26 14:55:00
Cross site request forgery (csrf)
2013-06-01 14:21:00
Session fixation
2013-06-01 14:21:00
osv
osv
Apache Tomcat Denial of Service vulnerability
2022-05-14 01:10:35
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-17 02:44:28
Improper Authentication in Apache Tomcat
2022-05-14 01:10:35
cvelist
cvelist
CVE-2013-4322
2014-02-26 11:00:00
CVE-2013-2067
2013-06-01 10:00:00
CVE-2013-2071
2013-06-01 10:00:00
ubuntucve
ubuntucve
CVE-2013-4322
2014-02-26 00:00:00
CVE-2013-2071
2013-05-10 00:00:00
CVE-2013-2067
2013-05-10 00:00:00
nvd
nvd
CVE-2013-4322
2014-02-26 14:55:08
CVE-2013-2071
2013-06-01 14:21:05
CVE-2013-2067
2013-06-01 14:21:05
debiancve
debiancve
CVE-2013-4322
2014-02-26 14:55:00
CVE-2013-2071
2013-06-01 14:21:00
CVE-2013-2067
2013-06-01 14:21:00
seebug
seebug
Apache Tomcat 不完整修复拒绝服务漏洞
2014-02-27 00:00:00
Apache Tomcat 信息泄露漏洞(CVE-2013-2071)
2013-05-17 00:00:00
Apache Tomcat表单验证功能安全绕过漏洞
2013-06-06 00:00:00
cve
cve
CVE-2013-4322
2014-02-26 14:55:08
CVE-2013-2067
2013-06-01 14:21:05
CVE-2013-2071
2013-06-01 14:21:05
github
github
Apache Tomcat Denial of Service vulnerability
2022-05-14 01:10:35
Improper Authentication in Apache Tomcat
2022-05-14 01:10:35
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
2022-05-17 02:44:28
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat6 packages fix multiple vulnerabilities and logging
2014-02-17 22:13:24
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
[SECURITY] Fedora 17 Update: tomcat-7.0.40-1.fc17
2013-05-21 08:28:12
[SECURITY] Fedora 18 Update: tomcat-7.0.40-1.fc18
2013-05-21 08:45:56
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
veracode
veracode
Session Fixation During Completion Of The Login Form
2019-01-15 08:55:05
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Large Chunked Transfer Denial of Service (CVE-2013-4322)
2014-03-05 00:00:00
Apache Tomcat Chunked Transfer Denial of Service - Ver 2 (CVE-2012-3544)
2013-11-10 00:00:00
f5
f5
SOL15189 - Apache Commons FileUpload vulnerability CVE-2014-0050
2014-04-18 00:00:00
exploitpack
exploitpack
Apache Commons FileUpload and Apache Tomcat - Denial of Service
2014-02-12 00:00:00

0.93 High

EPSS

Percentile

99.1%

JSON
Related for OSV:DSA-2897-1
openvas43nessus48debian1amazon2redhat13centos3atlassian5ubuntu2securityvulns7oraclelinux4ibm17tomcat5prion4osv4cvelist4ubuntucve4nvd4debiancve4seebug3cve4github3mageia5fedora4gentoo1veracode1checkpoint_advisories2f51exploitpack1