Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMEC830A809C3DE3DB9FB5FC8B91AF7F5A42F1217E9E279C16808286246593B31D
HistoryJun 17, 2018 - 4:55 a.m.

Security Bulletin: Open Source Apache Tomcat - 4 issues (CVE-2013-4286) for RAF

2018-06-1704:55:52
www.ibm.com
11

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON

Summary

Previous releases of IBM Rational Automation Framework (RAF) are affected by the vulnerabilitie in Apache Tomcat that may allow remote attackers to influence the availability of the Framework Server.

Vulnerability Details

| Subscribe to My Notifications to be notified of important product support alerts like this.

  • Follow this link for more information (requires login with your IBM ID)
    โ€”|โ€”

CVE ID:CVE-2013-4286** **

Description: Open Source Apache Tomcat - HTTP request smuggling issue.

CVSS Base Score: 4.3 **CVSS Temporal Score:**See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91426&gt; for the current score. *CVSS Environmental Score:**Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

Rational Automation Framework 3.0.1, 3.0.1.1 and 3.0.1.2 on all supported platforms.

Remediation/Fixes

For all affected versions of Rational Automation Framework_
_Upgrade to Rational Automation Framework version 3.0.1.2_iFix1 or later.

Workarounds and Mitigations

None

Related

openvas 19
redhat 14
ibm 16
nessus 23
prion 2
securityvulns 5
seebug 2
veracode 2
debiancve 1
ubuntucve 1
tomcat 3
cve 2
github 1
osv 4
mageia 2
oraclelinux 3
fedora 1
centos 1
ubuntu 1
amazon 1
debian 3
gentoo 1
oracle 5
openvas
openvas
Apache Tomcat Multiple Vulnerabilities - 01 (Mar 2014)
2014-03-25 00:00:00
Mageia: Security Advisory (MGASA-2014-0148)
2022-01-28 00:00:00
Mageia: Security Advisory (MGASA-2014-0149)
2022-01-28 00:00:00
redhat
redhat
(RHSA-2014:0458) Moderate: Red Hat JBoss Data Virtualization 6.0.0 security update
2014-04-30 18:58:00
(RHSA-2014:0374) Important: Red Hat JBoss Data Grid 6.2.1 update
2014-04-03 21:51:02
(RHSA-2014:0511) Important: Red Hat JBoss Operations Network 3.2.1 security update
2014-05-15 17:17:17
ibm
ibm
Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-4286)
2018-06-17 04:53:14
Security Bulletin: The IBM FlashSystem 840 product is affected by vulnerabilities in Apache Tomcat
2023-02-18 01:45:50
Security Bulletin: The IBM V840 product model number AE1 node is affected by vulnerabilities in Apache Tomcat
2018-06-18 00:08:27
nessus
nessus
Apache Tomcat 7.0.x < 7.0.47 / 8.0.x < 8.0.0-RC3 Information Disclosure
2019-01-11 00:00:00
RHEL 6 : JBoss EAP (RHSA-2014:0344)
2014-04-01 00:00:00
RHEL 5 : Red Hat JBoss Enterprise Application Platform 6.2.2 update (Moderate) (RHSA-2014:0343)
2014-04-01 00:00:00
prion
prion
Design/Logic Flaw
2014-06-18 21:55:00
Design/Logic Flaw
2014-02-26 14:55:00
securityvulns
securityvulns
[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 &#40;Information disclosure&#41;
2014-02-28 00:00:00
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
2015-04-17 00:00:00
seebug
seebug
Apache Tomcat ๅฎ‰ๅ…จ้™ๅˆถ็ป•่ฟ‡ๆผๆดž
2014-02-26 00:00:00
Apache TomcatไธๅฎŒๆ•ดไฟฎๅคไฟกๆฏๆณ„ๆผๆผๆดž
2014-02-27 00:00:00
veracode
veracode
Authorization Bypass
2019-05-02 05:02:08
Request-smuggling Attacks
2019-01-15 08:59:20
debiancve
debiancve
CVE-2013-4286
2014-02-26 14:55:00
ubuntucve
ubuntucve
CVE-2013-4286
2014-02-26 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 8.0.0-RC3
2013-09-23 00:00:00
Fixed in Apache Tomcat 7.0.47
2013-10-24 00:00:00
Fixed in Apache Tomcat 6.0.39
2014-01-31 00:00:00
cve
cve
CVE-2013-4286
2014-02-26 14:55:00
CVE-2014-4286
2014-06-18 21:55:00
github
github
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
osv
osv
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
tomcat6 - security update
2014-11-23 00:00:00
tomcat7 - security update
2014-04-08 00:00:00
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
oraclelinux
oraclelinux
tomcat6 security update
2014-04-23 00:00:00
tomcat security update
2014-07-20 00:00:00
tomcat security, bug fix, and enhancement update
2017-08-07 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
centos
centos
tomcat6 security update
2014-04-23 19:07:14
ubuntu
ubuntu
Tomcat vulnerabilities
2014-03-06 00:00:00
amazon
amazon
Medium: tomcat6
2014-05-21 10:45:00
debian
debian
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 3530-1] tomcat6 security update
2016-03-25 18:47:56
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

JSON
Related for EC830A809C3DE3DB9FB5FC8B91AF7F5A42F1217E9E279C16808286246593B31D
openvas19redhat14ibm16nessus23prion2securityvulns5seebug2veracode2debiancve1ubuntucve1tomcat3cve2github1osv4mageia2oraclelinux3fedora1centos1ubuntu1amazon1debian3gentoo1oracle5