5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.972 High
EPSS
Percentile
99.8%
Note: The issue below was fixed in Apache Tomcat 8.0.0-RC2 but the release vote for 8.0.0-RC2 did not pass. Therefore, although users must download 8.0.0-RC3 to obtain a version that includes a fix for this issue, version 8.0.0-RC2 is not included in the list of affected versions.
Important: Information disclosure CVE-2013-4286
The fix for CVE-2005-2090 was not complete. It did not cover the following cases:
Requests with multiple content-length headers or with a content-length header when chunked encoding is being used should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain either multiple content-length headers or a content-length header when chunked encoding is being used and several components do not reject the request and make different decisions as to which content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain sensitive information from requests other then their own. Tomcat now rejects requests with multiple content-length headers or with a content-length header when chunked encoding is being used.
This was fixed in revision 1521829.
This issue was identified by the Apache Tomcat security team on 15 August 2013 and made public on 25 February 2014.
Affects: 8.0.0-RC1
CPE | Name | Operator | Version |
---|---|---|---|
apache tomcat | eq | 8.0.0-RC1 |