4.3
CVSSv2

CVE-2013-4322

Published: 26/02/2014 Updated: 15/04/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

Apache Tomcat prior to 6.0.39, 7.x prior to 7.0.50, and 8.x prior to 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote malicious users to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Affected Products

Vendor Product Versions
ApacheTomcat1.1.3, 3.0, 3.1, 3.1.1, 3.2, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.3, 3.3.1, 3.3.1a, 3.3.2, 4, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.9, 4.1.10, 4.1.12, 4.1.15, 4.1.24, 4.1.28, 4.1.29, 4.1.31, 4.1.36, 5, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18, 5.0.19, 5.0.21, 5.0.22, 5.0.23, 5.0.24, 5.0.25, 5.0.26, 5.0.27, 5.0.28, 5.0.29, 5.0.30, 5.5.0, 5.5.1, 5.5.2, 5.5.3, 5.5.4, 5.5.5, 5.5.6, 5.5.7, 5.5.8, 5.5.9, 5.5.10, 5.5.11, 5.5.12, 5.5.13, 5.5.14, 5.5.15, 5.5.16, 5.5.17, 5.5.18, 5.5.19, 5.5.20, 5.5.21, 5.5.22, 5.5.23, 5.5.24, 5.5.25, 5.5.26, 5.5.27, 5.5.28, 5.5.29, 5.5.30, 5.5.31, 5.5.32, 5.5.33, 5.5.34, 5.5.35, 6, 6.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.0.10, 6.0.11, 6.0.12, 6.0.13, 6.0.14, 6.0.15, 6.0.16, 6.0.17, 6.0.18, 6.0.19, 6.0.20, 6.0.24, 6.0.26, 6.0.27, 6.0.28, 6.0.29, 6.0.30, 6.0.31, 6.0.32, 6.0.33, 6.0.35, 6.0.36, 6.0.37, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.10, 7.0.11, 7.0.12, 7.0.13, 7.0.14, 7.0.15, 7.0.16, 7.0.17, 7.0.18, 7.0.19, 7.0.20, 7.0.21, 7.0.22, 7.0.23, 7.0.24, 7.0.25, 7.0.26, 7.0.27, 7.0.28, 7.0.29, 7.0.30, 7.0.31, 7.0.32, 7.0.33, 7.0.34, 7.0.35, 7.0.36, 7.0.37, 7.0.38, 7.0.39, 7.0.40, 7.0.41, 7.0.42, 7.0.43, 7.0.44, 7.0.45, 7.0.46, 7.0.50, 8.0.0

Vendor Advisories

It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat and JBoss Web processed chunk extensions and trailing headers in chunked requests A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and me ...
Several security issues were fixed in Tomcat ...
Debian Bug report logs - #707704 tomcat7: CVE-2013-2071 Package: tomcat7; Maintainer for tomcat7 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Source for tomcat7 is src:tomcat7 (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Fri, 10 May 2013 13:27:01 UTC Seve ...
Multiple security issues were found in the Tomcat servlet and JSP engine: CVE-2013-2067 FORM authentication associates the most recent request requiring authentication with the current session By repeatedly sending a request for an authenticated resource while the victim is completing the login form, an attacker could inject a req ...
It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request A remote attacker could use this flaw to poison a web cache, perform cross-site scripting ...
Oracle Critical Patch Update Advisory - October 2016 Description A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...

References

CWE-20http://advisories.mageia.org/MGASA-2014-0148.htmlhttp://marc.info/?l=bugtraq&m=144498216801440&w=2http://seclists.org/fulldisclosure/2014/Dec/23http://secunia.com/advisories/59036http://secunia.com/advisories/59675http://secunia.com/advisories/59722http://secunia.com/advisories/59724http://secunia.com/advisories/59873http://svn.apache.org/viewvc?view=revision&revision=1521834http://svn.apache.org/viewvc?view=revision&revision=1521864http://svn.apache.org/viewvc?view=revision&revision=1549522http://svn.apache.org/viewvc?view=revision&revision=1549523http://svn.apache.org/viewvc?view=revision&revision=1556540http://tomcat.apache.org/security-6.htmlhttp://tomcat.apache.org/security-7.htmlhttp://tomcat.apache.org/security-8.htmlhttp://www-01.ibm.com/support/docview.wss?uid=swg21667883http://www-01.ibm.com/support/docview.wss?uid=swg21675886http://www-01.ibm.com/support/docview.wss?uid=swg21677147http://www-01.ibm.com/support/docview.wss?uid=swg21678113http://www-01.ibm.com/support/docview.wss?uid=swg21678231http://www.debian.org/security/2016/dsa-3530http://www.mandriva.com/security/advisories?name=MDVSA-2015:052http://www.mandriva.com/security/advisories?name=MDVSA-2015:084http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.htmlhttp://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.htmlhttp://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.htmlhttp://www.securityfocus.com/archive/1/534161/100/0/threadedhttp://www.securityfocus.com/bid/65767http://www.ubuntu.com/usn/USN-2130-1http://www.vmware.com/security/advisories/VMSA-2014-0008.htmlhttp://www.vmware.com/security/advisories/VMSA-2014-0012.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1069905https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3Ehttps://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3Ehttps://rhn.redhat.com/errata/RHSA-2014-0686.htmlhttps://www.rapid7.com/db/vulnerabilities/debian-cve-2013-4322https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2013-4322https://usn.ubuntu.com/2130-1/https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2014-0686http://tools.cisco.com/security/center/viewAlert.x?alertId=49332