Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:0686
HistoryJun 10, 2014 - 12:00 a.m.

(RHSA-2014:0686) Important: tomcat security update

2014-06-1000:00:00
access.redhat.com
17

0.93 High

EPSS

Percentile

99.1%

JSON

Apache Tomcat is a servlet container for the Java Servlet and JavaServer
Pages (JSP) technologies.

It was found that a fix for a previous security flaw introduced a
regression that could cause a denial of service in Tomcat 7. A remote
attacker could use this flaw to consume an excessive amount of CPU on the
Tomcat server by sending a specially crafted request to that server.
(CVE-2014-0186)

It was found that when Tomcat 7 processed a series of HTTP requests in
which at least one request contained either multiple content-length
headers, or one content-length header with a chunked transfer-encoding
header, Tomcat would incorrectly handle the request. A remote attacker
could use this flaw to poison a web cache, perform cross-site scripting
(XSS) attacks, or obtain sensitive information from other requests.
(CVE-2013-4286)

It was discovered that the fix for CVE-2012-3544 did not properly resolve a
denial of service flaw in the way Tomcat 7 processed chunk extensions and
trailing headers in chunked requests. A remote attacker could use this flaw
to send an excessively long request that, when processed by Tomcat, could
consume network bandwidth, CPU, and memory on the Tomcat server. Note that
chunked transfer encoding is enabled by default. (CVE-2013-4322)

All Tomcat 7 users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. Tomcat must be
restarted for this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat7noarchtomcat-lib< 7.0.42-5.el7_0tomcat-lib-7.0.42-5.el7_0.noarch.rpm
RedHat7noarchtomcat-docs-webapp< 7.0.42-5.el7_0tomcat-docs-webapp-7.0.42-5.el7_0.noarch.rpm
RedHat7noarchtomcat-admin-webapps< 7.0.42-5.el7_0tomcat-admin-webapps-7.0.42-5.el7_0.noarch.rpm
RedHat7noarchtomcat-jsp-2.2-api< 7.0.42-5.el7_0tomcat-jsp-2.2-api-7.0.42-5.el7_0.noarch.rpm
RedHat7noarchtomcat-el-2.2-api< 7.0.42-5.el7_0tomcat-el-2.2-api-7.0.42-5.el7_0.noarch.rpm
RedHat7noarchtomcat-servlet-3.0-api< 7.0.42-5.el7_0tomcat-servlet-3.0-api-7.0.42-5.el7_0.noarch.rpm
RedHat7srctomcat< 7.0.42-5.el7_0tomcat-7.0.42-5.el7_0.src.rpm
RedHat7noarchtomcat-webapps< 7.0.42-5.el7_0tomcat-webapps-7.0.42-5.el7_0.noarch.rpm
RedHat7noarchtomcat-javadoc< 7.0.42-5.el7_0tomcat-javadoc-7.0.42-5.el7_0.noarch.rpm
RedHat7noarchtomcat< 7.0.42-5.el7_0tomcat-7.0.42-5.el7_0.noarch.rpm
Rows per page:
1-10 of 111

Related

openvas 37
nessus 47
ibm 15
amazon 1
redhat 15
centos 2
oraclelinux 3
prion 6
osv 6
cvelist 4
nvd 6
debiancve 4
cve 6
securityvulns 5
seebug 3
github 2
ubuntucve 4
fedora 1
mageia 3
tomcat 7
ubuntu 2
debian 4
checkpoint_advisories 2
veracode 2
atlassian 8
gentoo 1
vmware 2
f5 1
openvas
openvas
RedHat Update for tomcat RHSA-2014:0686-01
2014-07-04 00:00:00
Oracle: Security Advisory (ELSA-2014-0686)
2015-10-06 00:00:00
Fedora Update for tomcat FEDORA-2014-11048
2014-10-01 00:00:00
nessus
nessus
RHEL 7 : tomcat (RHSA-2014:0686)
2014-07-30 00:00:00
Oracle Linux 7 : tomcat (ELSA-2014-0686)
2014-07-24 00:00:00
Fedora 20 : tomcat-7.0.52-1.fc20 (2014-11048)
2014-09-29 00:00:00
ibm
ibm
Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590)
2018-06-17 04:53:01
Security Bulletin: The IBM V840 product model number AE1 node is affected by vulnerabilities in Apache Tomcat
2018-06-18 00:08:27
Security Bulletin: Security vulnerabilities in Apache Tomcat for WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4(CVE-2013-4286,CVE-2012-3544,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033)
2018-06-15 07:01:06
amazon
amazon
Medium: tomcat6
2014-05-21 10:45:00
redhat
redhat
(RHSA-2014:0527) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update
2014-05-21 15:31:56
(RHSA-2014:0526) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update
2014-05-21 15:09:06
(RHSA-2014:0429) Moderate: tomcat6 security update
2014-04-23 00:00:00
centos
centos
tomcat6 security update
2014-04-23 19:07:14
tomcat6 security update
2014-07-09 16:09:49
oraclelinux
oraclelinux
tomcat security update
2014-07-20 00:00:00
tomcat6 security update
2014-04-23 00:00:00
tomcat6 security and bug fix update
2014-07-09 00:00:00
prion
prion
Design/Logic Flaw
2014-02-26 14:55:00
Design/Logic Flaw
2014-06-14 11:18:00
Code injection
2013-06-01 14:21:00
osv
osv
Apache Tomcat Denial of Service vulnerability
2022-05-14 01:10:35
tomcat7 - security update
2014-04-08 00:00:00
tomcat6 - regression update
2014-11-23 00:00:00
cvelist
cvelist
CVE-2013-4322
2014-02-26 11:00:00
CVE-2014-0186
2014-06-14 10:00:00
CVE-2012-3544
2013-06-01 10:00:00
nvd
nvd
CVE-2013-4322
2014-02-26 14:55:08
CVE-2012-3544
2013-06-01 14:21:05
CVE-2014-0186
2014-06-14 11:18:54
debiancve
debiancve
CVE-2013-4322
2014-02-26 14:55:00
CVE-2014-0186
2014-06-14 11:18:00
CVE-2012-3544
2013-06-01 14:21:00
cve
cve
CVE-2013-4322
2014-02-26 14:55:08
CVE-2014-0186
2014-06-14 11:18:54
CVE-2012-3544
2013-06-01 14:21:05
securityvulns
securityvulns
[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 &#40;Denial of Service&#41;
2014-02-28 00:00:00
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
[SECURITY] CVE-2012-3544 Chunked transfer encoding extension size is not limited
2013-05-10 00:00:00
seebug
seebug
Apache Tomcat 不完整修复拒绝服务漏洞
2014-02-27 00:00:00
Apache Tomcat 安全限制绕过漏洞
2014-02-26 00:00:00
Apache Tomcat不完整修复信息泄漏漏洞
2014-02-27 00:00:00
github
github
Apache Tomcat Denial of Service vulnerability
2022-05-14 01:10:35
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
ubuntucve
ubuntucve
CVE-2013-4322
2014-02-26 00:00:00
CVE-2014-0186
2014-06-14 00:00:00
CVE-2012-3544
2012-12-31 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat6 packages fix multiple vulnerabilities and logging
2014-02-17 22:13:24
tomcat
tomcat
Fixed in Apache Tomcat 8.0.0-RC10
2013-12-26 00:00:00
Fixed in Apache Tomcat 7.0.50
2014-01-08 00:00:00
Fixed in Apache Tomcat 6.0.39
2014-01-31 00:00:00
ubuntu
ubuntu
Tomcat vulnerabilities
2014-03-06 00:00:00
Tomcat vulnerabilities
2013-05-28 00:00:00
debian
debian
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 3530-1] tomcat6 security update
2016-03-25 18:47:56
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Large Chunked Transfer Denial of Service (CVE-2013-4322)
2014-03-05 00:00:00
Apache Tomcat Chunked Transfer Denial of Service - Ver 2 (CVE-2012-3544)
2013-11-10 00:00:00
veracode
veracode
Request-smuggling Attacks
2019-01-15 08:59:20
Authorization Bypass
2019-05-02 05:02:08
atlassian
atlassian
Upgrade bundled Tomcat due to security vulnerabilities
2013-05-21 04:29:40
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
Upgrade bundled Tomcat to the latest minor release
2013-06-19 09:30:24
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
f5
f5
K20038622 : Multiple Apache Tomcat vulnerabilities
2020-08-06 00:00:00

0.93 High

EPSS

Percentile

99.1%

JSON
Related for RHSA-2014:0686
openvas37nessus47ibm15amazon1redhat15centos2oraclelinux3prion6osv6cvelist4nvd6debiancve4cve6securityvulns5seebug3github2ubuntucve4fedora1mageia3tomcat7ubuntu2debian4checkpoint_advisories2veracode2atlassian8gentoo1vmware2f51