PT-2013-4956 · Apache+4 · Apache Tomcat+4
Published
2013-12-26
·
Updated
2022-05-14
·
CVE-2013-4322
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Apache Tomcat versions 6.0.0 through 6.0.38
Apache Tomcat versions 7.0.0 through 7.0.49
Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC9
Description
The issue allows remote attackers to cause a denial of service by streaming data, due to improper handling of chunked transfer coding. This includes handling a large total amount of chunked data or whitespace characters in an HTTP header value within a trailer field. The estimated number of potentially affected devices is not provided.
Recommendations
For Apache Tomcat versions 6.0.0 through 6.0.38, update to version 6.0.39 or later.
For Apache Tomcat versions 7.0.0 through 7.0.49, update to version 7.0.50 or later.
For Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC9, update to version 8.0.0-RC10 or later.
Fix
DoS
Resource Exhaustion
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache Tomcat
Centos
Red Hat
Suse
Vmware Vcenter