4.3

CVE-2013-4322

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheTomcat Version7.0.0
ApacheTomcat Version7.0.0 Updatebeta
ApacheTomcat Version7.0.1
ApacheTomcat Version7.0.2
ApacheTomcat Version7.0.2 Updatebeta
ApacheTomcat Version7.0.3
ApacheTomcat Version7.0.4
ApacheTomcat Version7.0.4 Updatebeta
ApacheTomcat Version7.0.10
ApacheTomcat Version7.0.11
ApacheTomcat Version7.0.12
ApacheTomcat Version7.0.13
ApacheTomcat Version7.0.14
ApacheTomcat Version7.0.15
ApacheTomcat Version7.0.16
ApacheTomcat Version7.0.17
ApacheTomcat Version7.0.18
ApacheTomcat Version7.0.19
ApacheTomcat Version7.0.20
ApacheTomcat Version7.0.21
ApacheTomcat Version7.0.22
ApacheTomcat Version7.0.23
ApacheTomcat Version7.0.24
ApacheTomcat Version7.0.25
ApacheTomcat Version7.0.26
ApacheTomcat Version7.0.27
ApacheTomcat Version7.0.28
ApacheTomcat Version7.0.29
ApacheTomcat Version7.0.30
ApacheTomcat Version7.0.31
ApacheTomcat Version7.0.32
ApacheTomcat Version7.0.33
ApacheTomcat Version7.0.34
ApacheTomcat Version7.0.35
ApacheTomcat Version7.0.36
ApacheTomcat Version7.0.37
ApacheTomcat Version7.0.38
ApacheTomcat Version7.0.39
ApacheTomcat Version7.0.40
ApacheTomcat Version7.0.41
ApacheTomcat Version7.0.42
ApacheTomcat Version7.0.43
ApacheTomcat Version7.0.44
ApacheTomcat Version7.0.45
ApacheTomcat Version7.0.46
ApacheTomcat Version7.0.50
ApacheTomcat Version <= 6.0.37
ApacheTomcat Version1.1.3
ApacheTomcat Version3.0
ApacheTomcat Version3.1
ApacheTomcat Version3.1.1
ApacheTomcat Version3.2
ApacheTomcat Version3.2.1
ApacheTomcat Version3.2.2
ApacheTomcat Version3.2.2 Updatebeta2
ApacheTomcat Version3.2.3
ApacheTomcat Version3.2.4
ApacheTomcat Version3.3
ApacheTomcat Version3.3.1
ApacheTomcat Version3.3.1a
ApacheTomcat Version3.3.2
ApacheTomcat Version4
ApacheTomcat Version4.0.0
ApacheTomcat Version4.0.1
ApacheTomcat Version4.0.2
ApacheTomcat Version4.0.3
ApacheTomcat Version4.0.4
ApacheTomcat Version4.0.5
ApacheTomcat Version4.0.6
ApacheTomcat Version4.1.0
ApacheTomcat Version4.1.1
ApacheTomcat Version4.1.2
ApacheTomcat Version4.1.3
ApacheTomcat Version4.1.3 Updatebeta
ApacheTomcat Version4.1.9 Updatebeta
ApacheTomcat Version4.1.10
ApacheTomcat Version4.1.12
ApacheTomcat Version4.1.15
ApacheTomcat Version4.1.24
ApacheTomcat Version4.1.28
ApacheTomcat Version4.1.29
ApacheTomcat Version4.1.31
ApacheTomcat Version4.1.36
ApacheTomcat Version5
ApacheTomcat Version5.0.0
ApacheTomcat Version5.0.1
ApacheTomcat Version5.0.2
ApacheTomcat Version5.0.3
ApacheTomcat Version5.0.4
ApacheTomcat Version5.0.5
ApacheTomcat Version5.0.6
ApacheTomcat Version5.0.7
ApacheTomcat Version5.0.8
ApacheTomcat Version5.0.9
ApacheTomcat Version5.0.10
ApacheTomcat Version5.0.11
ApacheTomcat Version5.0.12
ApacheTomcat Version5.0.13
ApacheTomcat Version5.0.14
ApacheTomcat Version5.0.15
ApacheTomcat Version5.0.16
ApacheTomcat Version5.0.17
ApacheTomcat Version5.0.18
ApacheTomcat Version5.0.19
ApacheTomcat Version5.0.21
ApacheTomcat Version5.0.22
ApacheTomcat Version5.0.23
ApacheTomcat Version5.0.24
ApacheTomcat Version5.0.25
ApacheTomcat Version5.0.26
ApacheTomcat Version5.0.27
ApacheTomcat Version5.0.28
ApacheTomcat Version5.0.29
ApacheTomcat Version5.0.30
ApacheTomcat Version5.5.0
ApacheTomcat Version5.5.1
ApacheTomcat Version5.5.2
ApacheTomcat Version5.5.3
ApacheTomcat Version5.5.4
ApacheTomcat Version5.5.5
ApacheTomcat Version5.5.6
ApacheTomcat Version5.5.7
ApacheTomcat Version5.5.8
ApacheTomcat Version5.5.9
ApacheTomcat Version5.5.10
ApacheTomcat Version5.5.11
ApacheTomcat Version5.5.12
ApacheTomcat Version5.5.13
ApacheTomcat Version5.5.14
ApacheTomcat Version5.5.15
ApacheTomcat Version5.5.16
ApacheTomcat Version5.5.17
ApacheTomcat Version5.5.18
ApacheTomcat Version5.5.19
ApacheTomcat Version5.5.20
ApacheTomcat Version5.5.21
ApacheTomcat Version5.5.22
ApacheTomcat Version5.5.23
ApacheTomcat Version5.5.24
ApacheTomcat Version5.5.25
ApacheTomcat Version5.5.26
ApacheTomcat Version5.5.27
ApacheTomcat Version5.5.28
ApacheTomcat Version5.5.29
ApacheTomcat Version5.5.30
ApacheTomcat Version5.5.31
ApacheTomcat Version5.5.32
ApacheTomcat Version5.5.33
ApacheTomcat Version5.5.34
ApacheTomcat Version5.5.35
ApacheTomcat Version6
ApacheTomcat Version6.0
ApacheTomcat Version6.0.0
ApacheTomcat Version6.0.0 Updatealpha
ApacheTomcat Version6.0.1
ApacheTomcat Version6.0.1 Updatealpha
ApacheTomcat Version6.0.2
ApacheTomcat Version6.0.2 Updatealpha
ApacheTomcat Version6.0.2 Updatebeta
ApacheTomcat Version6.0.3
ApacheTomcat Version6.0.10
ApacheTomcat Version6.0.11
ApacheTomcat Version6.0.12
ApacheTomcat Version6.0.13
ApacheTomcat Version6.0.14
ApacheTomcat Version6.0.15
ApacheTomcat Version6.0.16
ApacheTomcat Version6.0.17
ApacheTomcat Version6.0.18
ApacheTomcat Version6.0.19
ApacheTomcat Version6.0.20
ApacheTomcat Version6.0.24
ApacheTomcat Version6.0.26
ApacheTomcat Version6.0.27
ApacheTomcat Version6.0.28
ApacheTomcat Version6.0.29
ApacheTomcat Version6.0.30
ApacheTomcat Version6.0.31
ApacheTomcat Version6.0.32
ApacheTomcat Version6.0.33
ApacheTomcat Version6.0.35
ApacheTomcat Version6.0.36
ApacheTomcat Version8.0.0 Updaterc1
ApacheTomcat Version8.0.0 Updaterc2
ApacheTomcat Version8.0.0 Updaterc3
ApacheTomcat Version8.0.0 Updaterc4
ApacheTomcat Version8.0.0 Updaterc5
ApacheTomcat Version8.0.0 Updaterc6
ApacheTomcat Version8.0.0 Updaterc7
ApacheTomcat Version8.0.0 Updaterc8
ApacheTomcat Version8.0.0 Updaterc9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.46% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://tomcat.apache.org/security-6.html
Vendor Advisory
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
http://tomcat.apache.org/security-7.html
Vendor Advisory
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
http://seclists.org/fulldisclosure/2014/Dec/23
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.securityfocus.com/archive/1/534161/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2014-0012.html
http://www.vmware.com/security/advisories/VMSA-2014-0008.html
http://marc.info/?l=bugtraq&m=144498216801440&w=2
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
http://advisories.mageia.org/MGASA-2014-0148.html
http://secunia.com/advisories/59036
http://secunia.com/advisories/59675
http://secunia.com/advisories/59722
http://secunia.com/advisories/59724
http://secunia.com/advisories/59873
http://tomcat.apache.org/security-8.html
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21667883
http://www-01.ibm.com/support/docview.wss?uid=swg21675886
http://www-01.ibm.com/support/docview.wss?uid=swg21677147
http://www-01.ibm.com/support/docview.wss?uid=swg21678113
http://www-01.ibm.com/support/docview.wss?uid=swg21678231
http://www.debian.org/security/2016/dsa-3530
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
http://www.ubuntu.com/usn/USN-2130-1
https://rhn.redhat.com/errata/RHSA-2014-0686.html
http://svn.apache.org/viewvc?view=revision&revision=1521834
http://svn.apache.org/viewvc?view=revision&revision=1521864
http://svn.apache.org/viewvc?view=revision&revision=1549522
http://svn.apache.org/viewvc?view=revision&revision=1549523
http://svn.apache.org/viewvc?view=revision&revision=1556540
http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
http://www.securityfocus.com/bid/65767
https://bugzilla.redhat.com/show_bug.cgi?id=1069905