Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322). Apache Tomcat 7.x before 7.0.50 allows attackers to obtain “Tomcat internals” information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchtomcat< 7.0.52-1tomcat-7.0.52-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	tomcat	< 7.0.52-1	tomcat-7.0.52-1.mga4

References

tomcat.apache.org/security-7.html

bugs.mageia.org/show_bug.cgi?id=12955

fedora 1

openvas 31

mageia 1

ibm 20

nessus 39

securityvulns 7

tomcat 5

osv 6

debian 3

oraclelinux 6

ubuntu 1

redhat 18

centos 3

amazon 1

seebug 4

atlassian 2

debiancve 3

ubuntucve 3

github 3

checkpoint_advisories 1

cve 4

prion 4

veracode 3

vmware 2

gentoo 1

oracle 5

fedora

[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20

2014-09-26 09:02:42

openvas

Mageia: Security Advisory (MGASA-2014-0148)

2022-01-28 00:00:00

Mageia: Security Advisory (MGASA-2014-0149)

2022-01-28 00:00:00

Fedora Update for tomcat FEDORA-2014-11048

2014-10-01 00:00:00

mageia

Updated tomcat package fixes security vulnerabilities

2014-04-03 04:16:05

ibm

Security Bulletin: Apache Tomcat security vulnerability issues on IBM Storwize V7000 Unified system (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)

2018-06-18 00:08:13

Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590)

2018-06-17 04:53:01

Security Bulletin: Multiple Apache Tomcat vulnerabilities in IBM Algo Audit and Compliance (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590, CVE-2014-0033)

2018-06-15 22:31:20

nessus

Fedora 20 : tomcat-7.0.52-1.fc20 (2014-11048)

2014-09-29 00:00:00

Apache Tomcat < 8.0.0-RC10 Multiple Vulnerabilities

2019-01-11 00:00:00

Apache Tomcat 7.0.x < 7.0.50 Multiple Vulnerabilities

2014-02-25 00:00:00

securityvulns

Apache Tomcat multiple security vulnerabilities

2014-03-31 00:00:00

[SECURITY] CVE-2013-4590 Information disclosure via XXE when running untrusted web applications

2014-02-28 00:00:00

[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service)

2014-02-28 00:00:00

tomcat

Fixed in Apache Tomcat 8.0.0-RC10

2013-12-26 00:00:00

Fixed in Apache Tomcat 7.0.50

2014-01-08 00:00:00

Fixed in Apache Tomcat 6.0.39

2014-01-31 00:00:00

osv

tomcat6 - security update

2014-11-23 00:00:00

tomcat6 - regression update

2014-11-23 00:00:00

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

2022-05-14 01:10:35

debian

[SECURITY] [DLA 91-1] tomcat6 security update

2014-11-23 09:02:25

[SECURITY] [DSA 2897-1] tomcat7 security update

2014-04-08 18:25:14

[SECURITY] [DSA 3530-1] tomcat6 security update

2016-03-25 18:47:56

oraclelinux

tomcat6 security update

2014-04-23 00:00:00

tomcat security update

2014-07-20 00:00:00

tomcat6 security update

2014-08-11 00:00:00

ubuntu

Tomcat vulnerabilities

2014-03-06 00:00:00

redhat

(RHSA-2014:0526) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat7 security update

2014-05-21 15:09:06

(RHSA-2014:0429) Moderate: tomcat6 security update

2014-04-23 00:00:00

(RHSA-2014:0686) Important: tomcat security update

2014-06-10 00:00:00

centos

tomcat6 security update

2014-04-23 19:07:14

tomcat6 security update

2014-08-11 18:04:13

tomcat6 security update

2014-07-09 16:09:49

amazon

Medium: tomcat6

2014-05-21 10:45:00

seebug

Apache TomcatXML外部实体信息泄漏漏洞

2014-02-27 00:00:00

Apache Tomcat 不完整修复拒绝服务漏洞

2014-02-27 00:00:00

Apache Tomcat 安全限制绕过漏洞

2014-02-26 00:00:00

atlassian

CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2

2014-05-24 04:42:42

CVE-2013-4590 vulnerability with Tomcat 7.0.42 shipped with Crowd 2.7.2

2014-05-24 04:42:42

debiancve

CVE-2013-4590

2014-02-26 14:55:00

CVE-2013-4322

2014-02-26 14:55:00

CVE-2013-4286

2014-02-26 14:55:00

ubuntucve

CVE-2013-4590

2014-02-26 00:00:00

CVE-2013-4322

2014-02-26 00:00:00

CVE-2013-4286

2014-02-26 00:00:00

github

Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat

2022-05-14 01:10:35

Apache Tomcat is vulnerable to HTTP request-smuggling

2022-05-14 01:10:36

Apache Tomcat Denial of Service vulnerability

2022-05-14 01:10:35

checkpoint_advisories

Apache Tomcat Large Chunked Transfer Denial of Service (CVE-2013-4322)

2014-03-05 00:00:00

cve

CVE-2013-4590

2014-02-26 14:55:00

CVE-2013-4322

2014-02-26 14:55:00

CVE-2013-4286

2014-02-26 14:55:00

prion

Xxe

2014-02-26 14:55:00

Design/Logic Flaw

2014-06-18 21:55:00

Design/Logic Flaw

2014-02-26 14:55:00

veracode

XML External Entity (XXE)

2019-01-15 08:58:51

Authorization Bypass

2019-05-02 05:02:08

Request-smuggling Attacks

2019-01-15 08:59:20

vmware

VMware vSphere product updates to third party libraries

2014-09-09 00:00:00

VMware vSphere product updates to third party libraries

2014-09-09 00:00:00

gentoo

Apache Tomcat: Multiple vulnerabilities

2014-12-15 00:00:00

oracle

Oracle Critical Patch Update - October 2014

2014-10-14 00:00:00

Oracle Critical Patch Update - July 2014

2014-07-15 00:00:00

Oracle Critical Patch Update - October 2016

2016-10-18 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.932 High

EPSS

Percentile

99.0%

JSON

Related for MGASA-2014-0149