PT-2013-4956 · Apache+4 · Apache Tomcat+4

Publicado

2013-12-26

Atualizado

2022-05-14

CVE-2013-4322

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 6.0.0 through 6.0.38 Apache Tomcat versions 7.0.0 through 7.0.49 Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC9

Description The issue allows remote attackers to cause a denial of service by streaming data, due to improper handling of chunked transfer coding. This includes handling a large total amount of chunked data or whitespace characters in an HTTP header value within a trailer field. The estimated number of potentially affected devices is not provided.

Recommendations For Apache Tomcat versions 6.0.0 through 6.0.38, update to version 6.0.39 or later. For Apache Tomcat versions 7.0.0 through 7.0.49, update to version 7.0.50 or later. For Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC9, update to version 8.0.0-RC10 or later.

Correção

DoS

Resource Exhaustion

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-400CWE-20

Identificadores relacionados

CESA-2014_0429

CVE-2013-4322

DLA-91-1

DSA-2897-1

DSA-3530-1

GHSA-WQ2P-Q66W-Q8GP

MGASA-2014-0148

MGASA-2014-0149

RHSA-2014:0429

RHSA-2014:0525

RHSA-2014:0526

RHSA-2014:0686

RHSA-2014_0429

RHSA-2014_0686

USN-2130-1

Produtos afetados

Apache Tomcat

Centos

Red Hat

Suse

Vmware Vcenter

PT-2013-4956 · Apache+4 · Apache Tomcat+4

CVE-2013-4322

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 79