5.8
CVSSv2

CVE-2013-4286

Published: 26/02/2014 Updated: 15/04/2019
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

Apache Tomcat prior to 6.0.39, 7.x prior to 7.0.47, and 8.x prior to 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote malicious users to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

apache tomcat 7.0.0

apache tomcat 7.0.1

apache tomcat 7.0.2

apache tomcat 7.0.3

apache tomcat 7.0.4

apache tomcat 7.0.10

apache tomcat 7.0.11

apache tomcat 7.0.12

apache tomcat 7.0.13

apache tomcat 7.0.14

apache tomcat 7.0.15

apache tomcat 7.0.16

apache tomcat 7.0.17

apache tomcat 7.0.18

apache tomcat 7.0.19

apache tomcat 7.0.20

apache tomcat 7.0.21

apache tomcat 7.0.22

apache tomcat 7.0.23

apache tomcat 7.0.24

apache tomcat 7.0.25

apache tomcat 7.0.26

apache tomcat 7.0.27

apache tomcat 7.0.28

apache tomcat 7.0.29

apache tomcat 7.0.30

apache tomcat 7.0.31

apache tomcat 7.0.32

apache tomcat 7.0.33

apache tomcat 7.0.34

apache tomcat 7.0.35

apache tomcat 7.0.36

apache tomcat 7.0.37

apache tomcat 7.0.38

apache tomcat 7.0.39

apache tomcat 7.0.40

apache tomcat 7.0.41

apache tomcat 7.0.42

apache tomcat 7.0.43

apache tomcat 7.0.44

apache tomcat 7.0.45

apache tomcat 7.0.46

apache tomcat 8.0.0

apache tomcat 1.1.3

apache tomcat 3.0

apache tomcat 3.1

apache tomcat 3.1.1

apache tomcat 3.2

apache tomcat 3.2.1

apache tomcat 3.2.2

apache tomcat 3.2.3

apache tomcat 3.2.4

apache tomcat 3.3

apache tomcat 3.3.1

apache tomcat 3.3.1a

apache tomcat 3.3.2

apache tomcat 4

apache tomcat 4.0.0

apache tomcat 4.0.1

apache tomcat 4.0.2

apache tomcat 4.0.3

apache tomcat 4.0.4

apache tomcat 4.0.5

apache tomcat 4.0.6

apache tomcat 4.1.0

apache tomcat 4.1.1

apache tomcat 4.1.2

apache tomcat 4.1.3

apache tomcat 4.1.9

apache tomcat 4.1.10

apache tomcat 4.1.12

apache tomcat 4.1.15

apache tomcat 4.1.24

apache tomcat 4.1.28

apache tomcat 4.1.29

apache tomcat 4.1.31

apache tomcat 4.1.36

apache tomcat 5

apache tomcat 5.0.0

apache tomcat 5.0.1

apache tomcat 5.0.2

apache tomcat 5.0.3

apache tomcat 5.0.4

apache tomcat 5.0.5

apache tomcat 5.0.6

apache tomcat 5.0.7

apache tomcat 5.0.8

apache tomcat 5.0.9

apache tomcat 5.0.10

apache tomcat 5.0.11

apache tomcat 5.0.12

apache tomcat 5.0.13

apache tomcat 5.0.14

apache tomcat 5.0.15

apache tomcat 5.0.16

apache tomcat 5.0.17

apache tomcat 5.0.18

apache tomcat 5.0.19

apache tomcat 5.0.21

apache tomcat 5.0.22

apache tomcat 5.0.23

apache tomcat 5.0.24

apache tomcat 5.0.25

apache tomcat 5.0.26

apache tomcat 5.0.27

apache tomcat 5.0.28

apache tomcat 5.0.29

apache tomcat 5.0.30

apache tomcat 5.5.0

apache tomcat 5.5.1

apache tomcat 5.5.2

apache tomcat 5.5.3

apache tomcat 5.5.4

apache tomcat 5.5.5

apache tomcat 5.5.6

apache tomcat 5.5.7

apache tomcat 5.5.8

apache tomcat 5.5.9

apache tomcat 5.5.10

apache tomcat 5.5.11

apache tomcat 5.5.12

apache tomcat 5.5.13

apache tomcat 5.5.14

apache tomcat 5.5.15

apache tomcat 5.5.16

apache tomcat 5.5.17

apache tomcat 5.5.18

apache tomcat 5.5.19

apache tomcat 5.5.20

apache tomcat 5.5.21

apache tomcat 5.5.22

apache tomcat 5.5.23

apache tomcat 5.5.24

apache tomcat 5.5.25

apache tomcat 5.5.26

apache tomcat 5.5.27

apache tomcat 5.5.28

apache tomcat 5.5.29

apache tomcat 5.5.30

apache tomcat 5.5.31

apache tomcat 5.5.32

apache tomcat 5.5.33

apache tomcat 5.5.34

apache tomcat 5.5.35

apache tomcat 6

apache tomcat 6.0

apache tomcat 6.0.0

apache tomcat 6.0.1

apache tomcat 6.0.2

apache tomcat 6.0.3

apache tomcat 6.0.10

apache tomcat 6.0.11

apache tomcat 6.0.12

apache tomcat 6.0.13

apache tomcat 6.0.14

apache tomcat 6.0.15

apache tomcat 6.0.16

apache tomcat 6.0.17

apache tomcat 6.0.18

apache tomcat 6.0.19

apache tomcat 6.0.20

apache tomcat 6.0.24

apache tomcat 6.0.26

apache tomcat 6.0.27

apache tomcat 6.0.28

apache tomcat 6.0.29

apache tomcat 6.0.30

apache tomcat 6.0.31

apache tomcat 6.0.32

apache tomcat 6.0.33

apache tomcat 6.0.35

apache tomcat 6.0.36

apache tomcat

Vendor Advisories

It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request A remote attacker could use this flaw to poison a web cache, perf ...
Several security issues were fixed in Tomcat ...
Debian Bug report logs - #707704 tomcat7: CVE-2013-2071 Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Fri, 10 May 2013 13:27:01 UTC Seve ...
Multiple security issues were found in the Tomcat servlet and JSP engine: CVE-2013-2067 FORM authentication associates the most recent request requiring authentication with the current session By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a req ...
It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request A remote attacker could use this flaw to poison a web cache, perform cross-site scripting ...
Oracle Critical Patch Update Advisory - April 2015 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory Thus, prior Critical Patch ...
<!-- content goes here --> Oracle Critical Patch Update Advisory - January 2015 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisor ...
Oracle Critical Patch Update Advisory - October 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...

References

CWE-20http://advisories.mageia.org/MGASA-2014-0148.htmlhttp://marc.info/?l=bugtraq&m=141390017113542&w=2http://marc.info/?l=bugtraq&m=144498216801440&w=2http://rhn.redhat.com/errata/RHSA-2014-0343.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0344.htmlhttp://rhn.redhat.com/errata/RHSA-2014-0345.htmlhttp://seclists.org/fulldisclosure/2014/Dec/23http://secunia.com/advisories/57675http://secunia.com/advisories/59036http://secunia.com/advisories/59675http://secunia.com/advisories/59722http://secunia.com/advisories/59724http://secunia.com/advisories/59733http://secunia.com/advisories/59873http://svn.apache.org/viewvc?view=revision&revision=1521829http://svn.apache.org/viewvc?view=revision&revision=1521854http://svn.apache.org/viewvc?view=revision&revision=1552565http://tomcat.apache.org/security-6.htmlhttp://tomcat.apache.org/security-7.htmlhttp://tomcat.apache.org/security-8.htmlhttp://www.debian.org/security/2016/dsa-3530http://www.mandriva.com/security/advisories?name=MDVSA-2015:052http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.htmlhttp://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.securityfocus.com/archive/1/534161/100/0/threadedhttp://www.securityfocus.com/bid/65773http://www.ubuntu.com/usn/USN-2130-1http://www.vmware.com/security/advisories/VMSA-2014-0012.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21667883http://www-01.ibm.com/support/docview.wss?uid=swg21675886http://www-01.ibm.com/support/docview.wss?uid=swg21677147http://www-01.ibm.com/support/docview.wss?uid=swg21678113http://www-01.ibm.com/support/docview.wss?uid=swg21678231https://bugzilla.redhat.com/show_bug.cgi?id=1069921https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3Ehttps://rhn.redhat.com/errata/RHSA-2014-0686.htmlhttps://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2013-4286http://tools.cisco.com/security/center/viewAlert.x?alertId=33606https://nvd.nist.govhttps://usn.ubuntu.com/2130-1/