Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-4286HistoryFeb 26, 2014 - 2:55 p.m.
CVE-2013-4286
2014-02-2614:55:00
Debian Security Bug Tracker
security-tracker.debian.org
12
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request’s length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a “Transfer-Encoding: chunked” header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | tomcat7 | < 7.0.75-1 | tomcat7_7.0.75-1_all.deb |
| Debian | 9 | all | tomcat8 | < 8.5.54-0+deb9u1 | tomcat8_8.5.54-0+deb9u1_all.deb |
Related
seebug
seebug
Apache Tomcat 安全限制绕过漏洞
2014-02-26 00:00:00
Apache Tomcat不完整修复信息泄漏漏洞
2014-02-27 00:00:00
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
2014-02-28 00:00:00
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
prion
prion
Design/Logic Flaw
2014-02-26 14:55:00
Design/Logic Flaw
2014-06-18 21:55:00
veracode
veracode
Request-smuggling Attacks
2019-01-15 08:59:20
HTTP Request Smuggling
2018-11-13 06:55:19
Authorization Bypass
2019-05-02 05:02:08
osv
osv
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
tomcat6 - security update
2014-11-23 00:00:00
github
github
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
cve
cve
tomcat
tomcat
Fixed in Apache Tomcat 8.0.0-RC3
2013-09-23 00:00:00
Fixed in Apache Tomcat 7.0.47
2013-10-24 00:00:00
Fixed in Apache Tomcat 5.5.23, 5.0.SVN
2007-03-09 00:00:00
ubuntucve
ubuntucve
CVE-2013-4286
2014-02-26 00:00:00
nessus
nessus
RHEL 5 : JBoss EAP (RHSA-2014:0343)
2014-04-01 00:00:00
Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling
2011-11-18 00:00:00
Apache Tomcat 7.0.x < 7.0.47 / 8.0.x < 8.0.0-RC3 Information Disclosure
2019-01-11 00:00:00
cert
cert
Single crafted HTTP request may result in multiple responses
2005-02-04 00:00:00
f5
f5
K16828 : Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
SOL16828 - Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
redhat
redhat
(RHSA-2014:0458) Moderate: Red Hat JBoss Data Virtualization 6.0.0 security update
2014-04-30 18:58:00
(RHSA-2014:0374) Important: Red Hat JBoss Data Grid 6.2.1 update
2014-04-03 21:51:02
ibm
ibm
Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-4286)
2018-06-17 04:53:14
openvas
openvas
Apache Tomcat Multiple Vulnerabilities - 01 - Mar14
2014-03-25 00:00:00
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
Oracle Linux Local Check: ELSA-2014-0686
2015-10-06 00:00:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2007-04-27 00:00:00
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
oraclelinux
oraclelinux
tomcat6 security update
2014-04-23 00:00:00
Important: tomcat security update
2007-06-26 00:00:00
tomcat security update
2014-07-20 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19
2014-11-07 02:38:03
[SECURITY] Fedora 20 Update: Pound-2.6-8.fc20
2014-11-12 02:45:18
vmware
vmware
centos
centos
jakarta, tomcat5 security update
2007-05-14 22:49:09
tomcat6 security update
2014-04-23 19:07:14
ubuntu
ubuntu
Tomcat vulnerabilities
2014-03-06 00:00:00
amazon
amazon
Medium: tomcat6
2014-05-21 10:45:00
debian
debian
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 3530-1] tomcat6 security update
2016-03-25 18:47:56
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
Related for DEBIANCVE:CVE-2013-4286