CVE-2013-4286

EPSS 26.07%
Veröffentlicht 26.02.2014 14:55:08
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 48

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version7.0.0

Apache ≫ Tomcat Version7.0.0 Updatebeta

Apache ≫ Tomcat Version7.0.1

Apache ≫ Tomcat Version7.0.2

Apache ≫ Tomcat Version7.0.2 Updatebeta

Apache ≫ Tomcat Version7.0.3

Apache ≫ Tomcat Version7.0.4

Apache ≫ Tomcat Version7.0.4 Updatebeta

Apache ≫ Tomcat Version7.0.10

Apache ≫ Tomcat Version7.0.11

Apache ≫ Tomcat Version7.0.12

Apache ≫ Tomcat Version7.0.13

Apache ≫ Tomcat Version7.0.14

Apache ≫ Tomcat Version7.0.15

Apache ≫ Tomcat Version7.0.16

Apache ≫ Tomcat Version7.0.17

Apache ≫ Tomcat Version7.0.18

Apache ≫ Tomcat Version7.0.19

Apache ≫ Tomcat Version7.0.20

Apache ≫ Tomcat Version7.0.21

Apache ≫ Tomcat Version7.0.22

Apache ≫ Tomcat Version7.0.23

Apache ≫ Tomcat Version7.0.24

Apache ≫ Tomcat Version7.0.25

Apache ≫ Tomcat Version7.0.26

Apache ≫ Tomcat Version7.0.27

Apache ≫ Tomcat Version7.0.28

Apache ≫ Tomcat Version7.0.29

Apache ≫ Tomcat Version7.0.30

Apache ≫ Tomcat Version7.0.31

Apache ≫ Tomcat Version7.0.32

Apache ≫ Tomcat Version7.0.33

Apache ≫ Tomcat Version7.0.34

Apache ≫ Tomcat Version7.0.35

Apache ≫ Tomcat Version7.0.36

Apache ≫ Tomcat Version7.0.37

Apache ≫ Tomcat Version7.0.38

Apache ≫ Tomcat Version7.0.39

Apache ≫ Tomcat Version7.0.40

Apache ≫ Tomcat Version7.0.41

Apache ≫ Tomcat Version7.0.42

Apache ≫ Tomcat Version7.0.43

Apache ≫ Tomcat Version7.0.44

Apache ≫ Tomcat Version7.0.45

Apache ≫ Tomcat Version7.0.46

Apache ≫ Tomcat Version8.0.0 Updaterc1

Apache ≫ Tomcat Version8.0.0 Updaterc2

Apache ≫ Tomcat Version <= 6.0.37

Apache ≫ Tomcat Version1.1.3

Apache ≫ Tomcat Version3.0

Apache ≫ Tomcat Version3.1

Apache ≫ Tomcat Version3.1.1

Apache ≫ Tomcat Version3.2

Apache ≫ Tomcat Version3.2.1

Apache ≫ Tomcat Version3.2.2

Apache ≫ Tomcat Version3.2.2 Updatebeta2

Apache ≫ Tomcat Version3.2.3

Apache ≫ Tomcat Version3.2.4

Apache ≫ Tomcat Version3.3

Apache ≫ Tomcat Version3.3.1

Apache ≫ Tomcat Version3.3.1a

Apache ≫ Tomcat Version3.3.2

Apache ≫ Tomcat Version4

Apache ≫ Tomcat Version4.0.0

Apache ≫ Tomcat Version4.0.1

Apache ≫ Tomcat Version4.0.2

Apache ≫ Tomcat Version4.0.3

Apache ≫ Tomcat Version4.0.4

Apache ≫ Tomcat Version4.0.5

Apache ≫ Tomcat Version4.0.6

Apache ≫ Tomcat Version4.1.0

Apache ≫ Tomcat Version4.1.1

Apache ≫ Tomcat Version4.1.2

Apache ≫ Tomcat Version4.1.3

Apache ≫ Tomcat Version4.1.3 Updatebeta

Apache ≫ Tomcat Version4.1.9 Updatebeta

Apache ≫ Tomcat Version4.1.10

Apache ≫ Tomcat Version4.1.12

Apache ≫ Tomcat Version4.1.15

Apache ≫ Tomcat Version4.1.24

Apache ≫ Tomcat Version4.1.28

Apache ≫ Tomcat Version4.1.29

Apache ≫ Tomcat Version4.1.31

Apache ≫ Tomcat Version4.1.36

Apache ≫ Tomcat Version5

Apache ≫ Tomcat Version5.0.0

Apache ≫ Tomcat Version5.0.1

Apache ≫ Tomcat Version5.0.2

Apache ≫ Tomcat Version5.0.3

Apache ≫ Tomcat Version5.0.4

Apache ≫ Tomcat Version5.0.5

Apache ≫ Tomcat Version5.0.6

Apache ≫ Tomcat Version5.0.7

Apache ≫ Tomcat Version5.0.8

Apache ≫ Tomcat Version5.0.9

Apache ≫ Tomcat Version5.0.10

Apache ≫ Tomcat Version5.0.11

Apache ≫ Tomcat Version5.0.12

Apache ≫ Tomcat Version5.0.13

Apache ≫ Tomcat Version5.0.14

Apache ≫ Tomcat Version5.0.15

Apache ≫ Tomcat Version5.0.16

Apache ≫ Tomcat Version5.0.17

Apache ≫ Tomcat Version5.0.18

Apache ≫ Tomcat Version5.0.19

Apache ≫ Tomcat Version5.0.21

Apache ≫ Tomcat Version5.0.22

Apache ≫ Tomcat Version5.0.23

Apache ≫ Tomcat Version5.0.24

Apache ≫ Tomcat Version5.0.25

Apache ≫ Tomcat Version5.0.26

Apache ≫ Tomcat Version5.0.27

Apache ≫ Tomcat Version5.0.28

Apache ≫ Tomcat Version5.0.29

Apache ≫ Tomcat Version5.0.30

Apache ≫ Tomcat Version5.5.0

Apache ≫ Tomcat Version5.5.1

Apache ≫ Tomcat Version5.5.2

Apache ≫ Tomcat Version5.5.3

Apache ≫ Tomcat Version5.5.4

Apache ≫ Tomcat Version5.5.5

Apache ≫ Tomcat Version5.5.6

Apache ≫ Tomcat Version5.5.7

Apache ≫ Tomcat Version5.5.8

Apache ≫ Tomcat Version5.5.9

Apache ≫ Tomcat Version5.5.10

Apache ≫ Tomcat Version5.5.11

Apache ≫ Tomcat Version5.5.12

Apache ≫ Tomcat Version5.5.13

Apache ≫ Tomcat Version5.5.14

Apache ≫ Tomcat Version5.5.15

Apache ≫ Tomcat Version5.5.16

Apache ≫ Tomcat Version5.5.17

Apache ≫ Tomcat Version5.5.18

Apache ≫ Tomcat Version5.5.19

Apache ≫ Tomcat Version5.5.20

Apache ≫ Tomcat Version5.5.21

Apache ≫ Tomcat Version5.5.22

Apache ≫ Tomcat Version5.5.23

Apache ≫ Tomcat Version5.5.24

Apache ≫ Tomcat Version5.5.25

Apache ≫ Tomcat Version5.5.26

Apache ≫ Tomcat Version5.5.27

Apache ≫ Tomcat Version5.5.28

Apache ≫ Tomcat Version5.5.29

Apache ≫ Tomcat Version5.5.30

Apache ≫ Tomcat Version5.5.31

Apache ≫ Tomcat Version5.5.32

Apache ≫ Tomcat Version5.5.33

Apache ≫ Tomcat Version5.5.34

Apache ≫ Tomcat Version5.5.35

Apache ≫ Tomcat Version6

Apache ≫ Tomcat Version6.0

Apache ≫ Tomcat Version6.0.0

Apache ≫ Tomcat Version6.0.0 Updatealpha

Apache ≫ Tomcat Version6.0.1

Apache ≫ Tomcat Version6.0.1 Updatealpha

Apache ≫ Tomcat Version6.0.2

Apache ≫ Tomcat Version6.0.2 Updatealpha

Apache ≫ Tomcat Version6.0.2 Updatebeta

Apache ≫ Tomcat Version6.0.3

Apache ≫ Tomcat Version6.0.10

Apache ≫ Tomcat Version6.0.11

Apache ≫ Tomcat Version6.0.12

Apache ≫ Tomcat Version6.0.13

Apache ≫ Tomcat Version6.0.14

Apache ≫ Tomcat Version6.0.15

Apache ≫ Tomcat Version6.0.16

Apache ≫ Tomcat Version6.0.17

Apache ≫ Tomcat Version6.0.18

Apache ≫ Tomcat Version6.0.19

Apache ≫ Tomcat Version6.0.20

Apache ≫ Tomcat Version6.0.24

Apache ≫ Tomcat Version6.0.26

Apache ≫ Tomcat Version6.0.27

Apache ≫ Tomcat Version6.0.28

Apache ≫ Tomcat Version6.0.29

Apache ≫ Tomcat Version6.0.30

Apache ≫ Tomcat Version6.0.31

Apache ≫ Tomcat Version6.0.32

Apache ≫ Tomcat Version6.0.33

Apache ≫ Tomcat Version6.0.35

Apache ≫ Tomcat Version6.0.36

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	26.07%	0.961

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://tomcat.apache.org/security-6.html

Vendor Advisory

https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

http://tomcat.apache.org/security-7.html

Vendor Advisory

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html