exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

CVE-2013-4322

Status Candidate

Overview

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Related Files

Debian Security Advisory 3530-1
Posted Mar 26, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3530-1 - Multiple security vulnerabilities have been fixed in the Tomcat servlet and JSP engine, which may result on bypass of security manager restrictions, information disclosure, denial of service or session fixation.

tags | advisory, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227, CVE-2014-0230, CVE-2014-7810, CVE-2015-5174, CVE-2015-5345, CVE-2015-5346, CVE-2015-5351, CVE-2016-0706, CVE-2016-0714, CVE-2016-0763
MD5 | b3ff78c3cc3e2ba76e5dbd1283a387d3
HP Security Bulletin HPSBOV03503 1
Posted Oct 16, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBOV03503 1 - Potential security vulnerabilities have been identified in HP OpenVMS CSWS_JAVA running Tomcat. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) and other impacts. Revision 1 of this advisory.

tags | advisory, denial of service, vulnerability
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2013-4444, CVE-2013-4590, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0230, CVE-2014-0277
MD5 | 6fe4f7a06015373b53986b43bfde1890
Mandriva Linux Security Advisory 2015-084
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-084 - An updated tomcat package fixes multiple security vulnerabilities.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2013-4322, CVE-2013-4590, CVE-2014-0050, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227
MD5 | 82dd318323f23655423f20a4a766b3b9
Mandriva Linux Security Advisory 2015-052
Posted Mar 3, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-052 - Apache Tomcat 7.x before 7.0.47, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via a Content-Length header and a Transfer-Encoding: chunked header. Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling a large total amount of chunked data or whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. Various otehr issues have also been addressed.

tags | advisory, java, remote, web, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119, CVE-2014-0227
MD5 | 12214eea7943a02a1491aec04cfda503
Gentoo Linux Security Advisory 201412-29
Posted Dec 15, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-29 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which may result in Denial of Service. Versions less than 7.0.56 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2012-2733, CVE-2012-3544, CVE-2012-3546, CVE-2012-4431, CVE-2012-4534, CVE-2012-5885, CVE-2012-5886, CVE-2012-5887, CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033, CVE-2014-0050, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119
MD5 | 647b25de46b1c32b73686dc16ad0f07c
VMware Security Advisory 2014-0008
Posted Sep 11, 2014
Authored by VMware | Site vmware.com

VMware Security Advisory 2014-0008 - VMware has updated vSphere third party libraries.

tags | advisory
advisories | CVE-2013-0242, CVE-2013-1914, CVE-2013-4322, CVE-2013-4590, CVE-2014-0050, CVE-2014-0114
MD5 | 39eac37f6e1dbb57e7d35ab3c27198e6
Red Hat Security Advisory 2014-0686-01
Posted Jun 11, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0686-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that a fix for a previous security flaw introduced a regression that could cause a denial of service in Tomcat 7. A remote attacker could use this flaw to consume an excessive amount of CPU on the Tomcat server by sending a specially crafted request to that server. It was found that when Tomcat 7 processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, denial of service, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0186
MD5 | e4fc2d79cac229b25d62a472e66aad9f
Red Hat Security Advisory 2014-0527-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0527-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0050
MD5 | cbaf8e83b137d86f20c6279f7c8c6356
Red Hat Security Advisory 2014-0526-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0526-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0050
MD5 | 1559ab174347a91f1a513a117fb9d578
Red Hat Security Advisory 2014-0525-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0525-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0033, CVE-2014-0050
MD5 | 8ed8cd9a16ac7c4f47d24a9b73b30438
Red Hat Security Advisory 2014-0528-01
Posted May 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0528-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests.

tags | advisory, java, remote, web, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0033, CVE-2014-0050
MD5 | 517003c76e4cbbd085ef86ec707475d3
Red Hat Security Advisory 2014-0429-01
Posted Apr 23, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0429-01 - Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages technologies. It was found that when Tomcat processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting attacks, or obtain sensitive information from other requests. It was discovered that the fix for CVE-2012-3544 did not properly resolve a denial of service flaw in the way Tomcat processed chunk extensions and trailing headers in chunked requests. A remote attacker could use this flaw to send an excessively long request that, when processed by Tomcat, could consume network bandwidth, CPU, and memory on the Tomcat server. Note that chunked transfer encoding is enabled by default.

tags | advisory, java, remote, web, denial of service, xss
systems | linux, redhat
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0050
MD5 | 4a1e295c7bb9afd1b67d2172a41ebc0b
Debian Security Advisory 2897-1
Posted Apr 8, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2897-1 - Multiple security issues were found in the Tomcat servlet and JSP engine.

tags | advisory
systems | linux, debian
advisories | CVE-2013-2067, CVE-2013-2071, CVE-2013-4286, CVE-2013-4322, CVE-2014-0050
MD5 | 8e701e5bd7e02ad835906127a793048a
Ubuntu Security Notice USN-2130-1
Posted Mar 6, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2130-1 - It was discovered that Tomcat incorrectly handled certain inconsistent HTTP headers. A remote attacker could possibly use this flaw to conduct request smuggling attacks. It was discovered that Tomcat incorrectly handled certain requests submitted using chunked transfer encoding. A remote attacker could use this flaw to cause the Tomcat server to stop responding, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, remote, web, denial of service
systems | linux, ubuntu
advisories | CVE-2013-4286, CVE-2013-4322, CVE-2014-0033, CVE-2014-0050, CVE-2013-4286, CVE-2013-4322, CVE-2014-0033, CVE-2014-0050
MD5 | c3426739b24f0d8b9697ba017eea7d05
Apache Tomcat Denial Of Service
Posted Feb 26, 2014
Authored by Mark Thomas | Site tomcat.apache.org

Apache Tomcat versions 8.0.0-RC1 through 8.0.0-RC5, 7.0.0 through 7.0.47, and 6.0.0 through 6.0.37 suffer from a denial of service vulnerability due to an incomplete fix for CVE-2012-3544.

tags | advisory, denial of service
advisories | CVE-2012-3544, CVE-2013-4322
MD5 | 400469129e73f607c8550c11f22ca095
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    2 Files
  • 16
    Jun 16th
    1 Files
  • 17
    Jun 17th
    18 Files
  • 18
    Jun 18th
    16 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close