Lucene search
RootSSV:61595HistoryFeb 27, 2014 - 12:00 a.m.
Apache Tomcat不完整修复信息泄漏漏洞
2014-02-2700:00:00
Root
www.seebug.org
69
0.972 High
EPSS
Percentile
99.8%
Bugtraq ID:65773
CVE ID:CVE-2013-4286
Apache Tomcat是一款开放源码的JSP应用服务器程序。
在使用块编码时如果请求包含多个或者单个content-length头时,Apache Tomcat应用没有正确把该请求拒绝为非法请求,当多个组件如防火墙,缓存,代理和Tomcat处理该请求序列时,会做出不同的动作,而使攻击者可进行WEB缓存"毒药"攻击,执行跨站脚本攻击,或获取其他用户请求中的敏感信息。此漏洞是由于不完整修复CVE-2005-2090造成的。
0
Apache Tomcat 8.0.0-RC1
Apache Tomcat 7.0.0 - 7.0.42
Apache Tomcat 6.0.0 - 6.0.37
厂商补丁:
Apache
Apache Tomcat 8.0.0-RC3,7.0.47或6.0.39已经修复该漏洞,建议用户下载更新:
http://tomcat.apache.org/
Related
seebug
seebug
Apache Tomcat 安全限制绕过漏洞
2014-02-26 00:00:00
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 (Information disclosure)
2014-02-28 00:00:00
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
veracode
veracode
Request-smuggling Attacks
2019-01-15 08:59:20
HTTP Request Smuggling
2018-11-13 06:55:19
Authorization Bypass
2019-05-02 05:02:08
osv
osv
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
tomcat6 - security update
2014-11-23 00:00:00
debiancve
debiancve
CVE-2013-4286
2014-02-26 14:55:00
tomcat
tomcat
Fixed in Apache Tomcat 8.0.0-RC3
2013-09-23 00:00:00
Fixed in Apache Tomcat 7.0.47
2013-10-24 00:00:00
Fixed in Apache Tomcat 5.5.23, 5.0.SVN
2007-03-09 00:00:00
cve
cve
github
github
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
ubuntucve
ubuntucve
CVE-2013-4286
2014-02-26 00:00:00
prion
prion
Design/Logic Flaw
2014-02-26 14:55:00
Design/Logic Flaw
2014-06-18 21:55:00
nessus
nessus
RHEL 5 : JBoss EAP (RHSA-2014:0343)
2014-04-01 00:00:00
Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling
2011-11-18 00:00:00
Apache Tomcat 7.0.x < 7.0.47 / 8.0.x < 8.0.0-RC3 Information Disclosure
2019-01-11 00:00:00
cert
cert
Single crafted HTTP request may result in multiple responses
2005-02-04 00:00:00
f5
f5
K16828 : Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
SOL16828 - Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
redhat
redhat
(RHSA-2014:0458) Moderate: Red Hat JBoss Data Virtualization 6.0.0 security update
2014-04-30 18:58:00
(RHSA-2014:0374) Important: Red Hat JBoss Data Grid 6.2.1 update
2014-04-03 21:51:02
ibm
ibm
Security Bulletin: Rational Build Forge Security Advisory (CVE-2013-4286)
2018-06-17 04:53:14
openvas
openvas
Apache Tomcat Multiple Vulnerabilities - 01 - Mar14
2014-03-25 00:00:00
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
Oracle Linux Local Check: ELSA-2014-0686
2015-10-06 00:00:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2007-04-27 00:00:00
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19
2014-11-07 02:38:03
[SECURITY] Fedora 20 Update: Pound-2.6-8.fc20
2014-11-12 02:45:18
oraclelinux
oraclelinux
tomcat6 security update
2014-04-23 00:00:00
Important: tomcat security update
2007-06-26 00:00:00
tomcat security update
2014-07-20 00:00:00
vmware
vmware
centos
centos
jakarta, tomcat5 security update
2007-05-14 22:49:09
tomcat6 security update
2014-04-23 19:07:14
ubuntu
ubuntu
Tomcat vulnerabilities
2014-03-06 00:00:00
amazon
amazon
Medium: tomcat6
2014-05-21 10:45:00
debian
debian
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 3530-1] tomcat6 security update
2016-03-25 18:47:56
gentoo
gentoo
Apache Tomcat: Multiple vulnerabilities
2014-12-15 00:00:00
oracle
oracle
Oracle Critical Patch Update - April 2015
2015-04-14 00:00:00
Oracle Critical Patch Update - July 2014
2014-07-15 00:00:00
Oracle Critical Patch Update - October 2014
2014-10-14 00:00:00