Lucene search

PRIOn knowledge basePRION:CVE-2013-4322

HistoryFeb 26, 2014 - 2:55 p.m.

Design/Logic Flaw

2014-02-2614:55:00

PRIOn knowledge base

www.prio-n.com

6.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.932 High

EPSS

Percentile

99.0%

JSON

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

CPENameOperatorVersion
tomcateq7.0.2 beta
tomcateq7.0.12
tomcateq7.0.20
tomcateq7.0.34
tomcateq7.0.1
tomcateq7.0.2
tomcateq7.0.4 beta
tomcateq7.0.22
tomcateq7.0.39
tomcateq7.0.26

Name	Operator	Version
tomcat	eq	7.0.2 beta
tomcat	eq	7.0.12
tomcat	eq	7.0.20
tomcat	eq	7.0.34
tomcat	eq	7.0.1
tomcat	eq	7.0.2
tomcat	eq	7.0.4 beta
tomcat	eq	7.0.22
tomcat	eq	7.0.39
tomcat	eq	7.0.26

Rows per page:

1-10 of 1911

References

advisories.mageia.org/MGASA-2014-0148.html

seclists.org/fulldisclosure/2014/Dec/23

secunia.com/advisories/59036

secunia.com/advisories/59675

secunia.com/advisories/59722

secunia.com/advisories/59724

secunia.com/advisories/59873

svn.apache.org/viewvc?view=revision&revision=1521834

svn.apache.org/viewvc?view=revision&revision=1521864

svn.apache.org/viewvc?view=revision&revision=1549522

svn.apache.org/viewvc?view=revision&revision=1549523

svn.apache.org/viewvc?view=revision&revision=1556540

tomcat.apache.org/security-6.html

tomcat.apache.org/security-7.html

tomcat.apache.org/security-8.html

www-01.ibm.com/support/docview.wss?uid=swg21667883

www-01.ibm.com/support/docview.wss?uid=swg21675886

www-01.ibm.com/support/docview.wss?uid=swg21677147

www-01.ibm.com/support/docview.wss?uid=swg21678113

www-01.ibm.com/support/docview.wss?uid=swg21678231

www.debian.org/security/2016/dsa-3530

www.mandriva.com/security/advisories?name=MDVSA-2015:052

www.mandriva.com/security/advisories?name=MDVSA-2015:084

www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

www.securityfocus.com/archive/1/534161/100/0/threaded

www.securityfocus.com/bid/65767

www.ubuntu.com/usn/USN-2130-1

www.vmware.com/security/advisories/VMSA-2014-0008.html

www.vmware.com/security/advisories/VMSA-2014-0012.html

bugzilla.redhat.com/show_bug.cgi?id=1069905

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E

lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E

marc.info/?l=bugtraq&m=144498216801440&w=2

rhn.redhat.com/errata/RHSA-2014-0686.html

6.9 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.932 High

EPSS

Percentile

99.0%

JSON

Related for PRION:CVE-2013-4322