Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2013-4322
Last Modified 01 Apr 2015 09:59:02
Published 26 Feb 2014 09:55:08
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-4322

Summary

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Vulnerable Systems

Application

  • Apache Tomcat 1.1.3

  • Apache Tomcat 3.0

  • Apache Tomcat 3.1

  • Apache Tomcat 3.1.1

  • Apache Tomcat 3.2

  • Apache Tomcat 3.2.1

  • Apache Tomcat 3.2.2

  • Apache Tomcat 3.2.3

  • Apache Tomcat 3.2.4

  • Apache Tomcat 3.3

  • Apache Tomcat 3.3.1

  • Apache Tomcat 3.3.1a

  • Apache Tomcat 3.3.2

  • Apache Tomcat 4

  • Apache Tomcat 4.0.0

  • Apache Tomcat 4.0.1

  • Apache Tomcat 4.0.2

  • Apache Tomcat 4.0.3

  • Apache Tomcat 4.0.4

  • Apache Tomcat 4.0.5

  • Apache Tomcat 4.0.6

  • Apache Tomcat 4.1.0

  • Apache Tomcat 4.1.1

  • Apache Tomcat 4.1.10

  • Apache Tomcat 4.1.12

  • Apache Tomcat 4.1.15

  • Apache Tomcat 4.1.2

  • Apache Tomcat 4.1.24

  • Apache Tomcat 4.1.28

  • Apache Tomcat 4.1.29

  • Apache Tomcat 4.1.3

  • Apache Tomcat 4.1.31

  • Apache Tomcat 4.1.36

  • Apache Tomcat 4.1.9

  • Apache Tomcat 5

  • Apache Tomcat 5.0.0

  • Apache Tomcat 5.0.1

  • Apache Tomcat 5.0.10

  • Apache Tomcat 5.0.11

  • Apache Tomcat 5.0.12

  • Apache Tomcat 5.0.13

  • Apache Tomcat 5.0.14

  • Apache Tomcat 5.0.15

  • Apache Tomcat 5.0.16

  • Apache Tomcat 5.0.17

  • Apache Tomcat 5.0.18

  • Apache Tomcat 5.0.19

  • Apache Tomcat 5.0.2

  • Apache Tomcat 5.0.21

  • Apache Tomcat 5.0.22

  • Apache Tomcat 5.0.23

  • Apache Tomcat 5.0.24

  • Apache Tomcat 5.0.25

  • Apache Tomcat 5.0.26

  • Apache Tomcat 5.0.27

  • Apache Tomcat 5.0.28

  • Apache Tomcat 5.0.29

  • Apache Tomcat 5.0.3

  • Apache Tomcat 5.0.30

  • Apache Tomcat 5.0.4

  • Apache Tomcat 5.0.5

  • Apache Tomcat 5.0.6

  • Apache Tomcat 5.0.7

  • Apache Tomcat 5.0.8

  • Apache Tomcat 5.0.9

  • Apache Tomcat 5.5.0

  • Apache Tomcat 5.5.1

  • Apache Tomcat 5.5.10

  • Apache Tomcat 5.5.11

  • Apache Tomcat 5.5.12

  • Apache Tomcat 5.5.13

  • Apache Tomcat 5.5.14

  • Apache Tomcat 5.5.15

  • Apache Tomcat 5.5.16

  • Apache Tomcat 5.5.17

  • Apache Tomcat 5.5.18

  • Apache Tomcat 5.5.19

  • Apache Tomcat 5.5.2

  • Apache Tomcat 5.5.20

  • Apache Tomcat 5.5.21

  • Apache Tomcat 5.5.22

  • Apache Tomcat 5.5.23

  • Apache Tomcat 5.5.24

  • Apache Tomcat 5.5.25

  • Apache Tomcat 5.5.26

  • Apache Tomcat 5.5.27

  • Apache Tomcat 5.5.28

  • Apache Tomcat 5.5.29

  • Apache Tomcat 5.5.3

  • Apache Tomcat 5.5.30

  • Apache Tomcat 5.5.31

  • Apache Tomcat 5.5.32

  • Apache Tomcat 5.5.33

  • Apache Tomcat 5.5.34

  • Apache Tomcat 5.5.35

  • Apache Tomcat 5.5.4

  • Apache Tomcat 5.5.5

  • Apache Tomcat 5.5.6

  • Apache Tomcat 5.5.7

  • Apache Tomcat 5.5.8

  • Apache Tomcat 5.5.9

  • Apache Tomcat 6

  • Apache Tomcat 6.0

  • Apache Tomcat 6.0.0

  • Apache Tomcat 6.0.1

  • Apache Tomcat 6.0.10

  • Apache Tomcat 6.0.11

  • Apache Tomcat 6.0.12

  • Apache Tomcat 6.0.13

  • Apache Tomcat 6.0.14

  • Apache Tomcat 6.0.15

  • Apache Tomcat 6.0.16

  • Apache Tomcat 6.0.17

  • Apache Tomcat 6.0.18

  • Apache Tomcat 6.0.19

  • Apache Tomcat 6.0.2

  • Apache Tomcat 6.0.20

  • Apache Tomcat 6.0.24

  • Apache Tomcat 6.0.26

  • Apache Tomcat 6.0.27

  • Apache Tomcat 6.0.28

  • Apache Tomcat 6.0.29

  • Apache Tomcat 6.0.3

  • Apache Tomcat 6.0.30

  • Apache Tomcat 6.0.31

  • Apache Tomcat 6.0.32

  • Apache Tomcat 6.0.33

  • Apache Tomcat 6.0.35

  • Apache Tomcat 6.0.36

  • Apache Tomcat 6.0.37

  • Apache Tomcat 7.0.0

  • Apache Tomcat 7.0.1

  • Apache Tomcat 7.0.10

  • Apache Tomcat 7.0.11

  • Apache Tomcat 7.0.12

  • Apache Tomcat 7.0.13

  • Apache Tomcat 7.0.14

  • Apache Tomcat 7.0.15

  • Apache Tomcat 7.0.16

  • Apache Tomcat 7.0.17

  • Apache Tomcat 7.0.18

  • Apache Tomcat 7.0.19

  • Apache Tomcat 7.0.2

  • Apache Tomcat 7.0.20

  • Apache Tomcat 7.0.21

  • Apache Tomcat 7.0.22

  • Apache Tomcat 7.0.23

  • Apache Tomcat 7.0.24

  • Apache Tomcat 7.0.25

  • Apache Tomcat 7.0.26

  • Apache Tomcat 7.0.27

  • Apache Tomcat 7.0.28

  • Apache Tomcat 7.0.29

  • Apache Tomcat 7.0.3

  • Apache Tomcat 7.0.30

  • Apache Tomcat 7.0.31

  • Apache Tomcat 7.0.32

  • Apache Tomcat 7.0.33

  • Apache Tomcat 7.0.34

  • Apache Tomcat 7.0.35

  • Apache Tomcat 7.0.36

  • Apache Tomcat 7.0.37

  • Apache Tomcat 7.0.38

  • Apache Tomcat 7.0.39

  • Apache Tomcat 7.0.4

  • Apache Tomcat 7.0.40

  • Apache Tomcat 7.0.41

  • Apache Tomcat 7.0.42

  • Apache Tomcat 7.0.43

  • Apache Tomcat 7.0.44

  • Apache Tomcat 7.0.45

  • Apache Tomcat 7.0.46

  • Apache Tomcat 7.0.50

  • Apache Tomcat 8.0.0


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1069905

CONFIRM - http://tomcat.apache.org/security-8.html

CONFIRM - http://tomcat.apache.org/security-7.html

CONFIRM - http://tomcat.apache.org/security-6.html

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1556540

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1549523

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1549522

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1521864

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1521834

REDHAT - RHSA-2014:0686

BID - 65767

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21678231

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21678113

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21677147

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21675886

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21667883

SECUNIA - 59873

SECUNIA - 59724

SECUNIA - 59722

SECUNIA - 59675

SECUNIA - 59036

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2014-0012.html

BUGTRAQ - 20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities

MANDRIVA - MDVSA-2015:052

CONFIRM - http://advisories.mageia.org/MGASA-2014-0148.html

MANDRIVA - MDVSA-2015:084

Related Patches

SUN122911-34 Solaris 10 SPARC: Apache 1.3 Patch

SUN122912-34 Solaris 10 x86: Apache 1.3 Patch


Last Updated: 27 May 2016 10:55:15