tomcat: Limited DoS in chunked transfer encoding input filter

🗓️ 03 Jul 2013 15:43:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 3 Views

Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 vulnerable to denial of service via chunked extensions.

Reporter	Title	Published	Views	Family All 120
IBM Security Bulletins	Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities	16 Jun 202221:33	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Test Control Panel in Rational Test Workbench and Rational Test Virtualization Server affected by Apache Tomcat vulnerablity (CVE-2013-4286, CVE-2013-4322, CVE-2013-4590)	17 Jun 201804:53	–	ibm
IBM Security Bulletins	Security Bulletin: Rational Lifecycle Adapter for HP ALM Apache Tomcat fix (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)	17 Jun 201804:55	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j Vulnerabilities Affect IBM Sterling B2B Integrator	6 Oct 202114:56	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities in Apache Tomcat for WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4(CVE-2013-4286,CVE-2012-3544,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033)	15 Jun 201807:01	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Deploy (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)	17 Jun 201822:31	–	ibm
Tenable Nessus	Apache Tomcat 7.0.x < 7.0.30 Multiple Vulnerabilities	26 Nov 201200:00	–	nessus
Tenable Nessus	Apache Tomcat 6.0.x < 6.0.37 Multiple Vulnerabilities	20 May 201300:00	–	nessus
Tenable Nessus	Apache Tomcat 6.0.x < 6.0.37 Multiple Vulnerabilities	20 May 201300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : tomcat6 (ALAS-2014-344)	12 Oct 201400:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	any	apache-commons-daemon-eap6	1:1.0.15-4.redhat_1.ep6.el6.noarch	apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6.noarch.noarch.rpm
Red Hat Enterprise Linux	6	i386	apache-commons-daemon-jsvc-eap6	1:1.0.15-1.redhat_1.ep6.el6	apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.i386.rpm
Red Hat Enterprise Linux	6	x86_64	apache-commons-daemon-jsvc-eap6	1:1.0.15-1.redhat_1.ep6.el6	apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6.x86_64.rpm
Red Hat Enterprise Linux	6	i386	apache-commons-daemon-jsvc-eap6-debuginfo	1:1.0.15-1.redhat_1.ep6.el6	apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.i386.rpm
Red Hat Enterprise Linux	6	x86_64	apache-commons-daemon-jsvc-eap6-debuginfo	1:1.0.15-1.redhat_1.ep6.el6	apache-commons-daemon-jsvc-eap6-debuginfo-1:1.0.15-1.redhat_1.ep6.el6.x86_64.rpm
Red Hat Enterprise Linux	6	any	apache-commons-pool-eap6	0:1.6-6.redhat_4.ep6.el6.noarch	apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6.noarch.noarch.rpm
Red Hat Enterprise Linux	6	any	apache-commons-pool-tomcat-eap6	0:1.6-6.redhat_4.ep6.el6.noarch	apache-commons-pool-tomcat-eap6-0:1.6-6.redhat_4.ep6.el6.noarch.noarch.rpm
Red Hat Enterprise Linux	6	any	dom4j	0:1.6.1-19.redhat_5.ep6.el6.noarch	dom4j-0:1.6.1-19.redhat_5.ep6.el6.noarch.noarch.rpm
Red Hat Enterprise Linux	6	any	ecj3	1:3.7.2-6.redhat_1.ep6.el6.noarch	ecj3-1:3.7.2-6.redhat_1.ep6.el6.noarch.noarch.rpm
Red Hat Enterprise Linux	6	i386	httpd	0:2.2.22-23.ep6.el6	httpd-0:2.2.22-23.ep6.el6.i386.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2012-3544
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2012-3544
cve	www.cve.org/CVERecord

14 May 2026 22:17Current

7.4High risk

Vulners AI Score7.4

CVSS 25

EPSS0.38137

Tomcat vulnerability chunked transfer encoding denial of service chunk extensions