Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-2130-1
HistoryMar 06, 2014 - 12:00 a.m.

Tomcat vulnerabilities

2014-03-0600:00:00
ubuntu.com
42

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.932 High

EPSS

Percentile

99.0%

JSON

Releases

  • Ubuntu 13.10
  • Ubuntu 12.10
  • Ubuntu 12.04
  • Ubuntu 10.04

Packages

  • tomcat6 - Servlet and JSP engine
  • tomcat7 - Servlet and JSP engine

Details

It was discovered that Tomcat incorrectly handled certain inconsistent
HTTP headers. A remote attacker could possibly use this flaw to conduct
request smuggling attacks. (CVE-2013-4286)

It was discovered that Tomcat incorrectly handled certain requests
submitted using chunked transfer encoding. A remote attacker could use this
flaw to cause the Tomcat server to stop responding, resulting in a denial
of service. (CVE-2013-4322)

It was discovered that Tomcat incorrectly applied the disableURLRewriting
setting when handling a session id in a URL. A remote attacker could
possibly use this flaw to conduct session fixation attacks. This issue
only applied to Ubuntu 12.04 LTS. (CVE-2014-0033)

It was discovered that Tomcat incorrectly handled malformed Content-Type
headers and multipart requests. A remote attacker could use this flaw to
cause the Tomcat server to stop responding, resulting in a denial of
service. This issue only applied to Ubuntu 12.10 and Ubuntu 13.10.
(CVE-2014-0050)

OSVersionArchitecturePackageVersionFilename
Ubuntu13.10noarchlibtomcat7-java< 7.0.42-1ubuntu0.1UNKNOWN
Ubuntu13.10noarchlibservlet3.0-java< 7.0.42-1ubuntu0.1UNKNOWN
Ubuntu13.10noarchlibservlet3.0-java-doc< 7.0.42-1ubuntu0.1UNKNOWN
Ubuntu13.10noarchtomcat7< 7.0.42-1ubuntu0.1UNKNOWN
Ubuntu13.10noarchtomcat7-admin< 7.0.42-1ubuntu0.1UNKNOWN
Ubuntu13.10noarchtomcat7-common< 7.0.42-1ubuntu0.1UNKNOWN
Ubuntu13.10noarchtomcat7-docs< 7.0.42-1ubuntu0.1UNKNOWN
Ubuntu13.10noarchtomcat7-examples< 7.0.42-1ubuntu0.1UNKNOWN
Ubuntu13.10noarchtomcat7-user< 7.0.42-1ubuntu0.1UNKNOWN
Ubuntu12.10noarchlibtomcat7-java< 7.0.30-0ubuntu1.3UNKNOWN
Rows per page:
1-10 of 371

Related

openvas 38
nessus 37
securityvulns 5
ibm 34
redhat 14
oraclelinux 3
centos 2
amazon 2
debian 3
mageia 4
osv 6
fedora 3
tomcat 5
checkpoint_advisories 2
prion 5
cve 5
github 4
seebug 6
veracode 3
atlassian 3
debiancve 3
ubuntucve 4
jvn 1
f5 2
exploitpack 1
zdt 1
suse 1
vmware 2
openvas
openvas
Ubuntu Update for tomcat7 USN-2130-1
2014-03-12 00:00:00
Ubuntu: Security Advisory (USN-2130-1)
2014-03-12 00:00:00
Oracle: Security Advisory (ELSA-2014-0429)
2015-10-06 00:00:00
nessus
nessus
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : tomcat6, tomcat7 vulnerabilities (USN-2130-1)
2014-03-07 00:00:00
RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0525)
2014-06-26 00:00:00
RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0526)
2014-06-26 00:00:00
securityvulns
securityvulns
Apache Tomcat multiple security vulnerabilities
2014-03-31 00:00:00
[SECURITY] CVE-2014-0033 Session fixation still possible with disableURLRewriting enabled
2014-02-28 00:00:00
[SECURITY] CVE-2014-0050 Apache Commons FileUpload and Apache Tomcat DoS
2014-03-31 00:00:00
ibm
ibm
Security Bulletin: The IBM FlashSystem 840 product is affected by vulnerabilities in Apache Tomcat
2023-02-18 01:45:50
Security Bulletin: The IBM V840 product model number AE1 node is affected by vulnerabilities in Apache Tomcat
2018-06-18 00:08:27
Security Bulletin: Apache Tomcat and FileUpload Vulnerabilities in IBM UrbanCode Release (CVE-2014-0050, CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590)
2018-06-17 22:31:46
redhat
redhat
(RHSA-2014:0528) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
2014-05-21 15:32:03
(RHSA-2014:0525) Moderate: Red Hat JBoss Web Server 2.0.1 tomcat6 security update
2014-05-21 15:09:00
(RHSA-2014:0429) Moderate: tomcat6 security update
2014-04-23 00:00:00
oraclelinux
oraclelinux
tomcat6 security update
2014-04-23 00:00:00
tomcat security update
2014-07-20 00:00:00
tomcat6 security and bug fix update
2014-07-09 00:00:00
centos
centos
tomcat6 security update
2014-04-23 19:07:14
tomcat6 security update
2014-07-09 16:09:49
amazon
amazon
Medium: tomcat6
2014-05-21 10:45:00
Medium: tomcat7
2014-03-24 23:36:00
debian
debian
[SECURITY] [DSA 2897-1] tomcat7 security update
2014-04-08 18:25:14
[SECURITY] [DLA 91-1] tomcat6 security update
2014-11-23 09:02:25
[SECURITY] [DSA 2856-1] libcommons-fileupload-java security update
2014-02-07 22:59:08
mageia
mageia
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat package fixes security vulnerabilities
2014-04-03 04:16:05
Updated tomcat packages fix CVE-2014-0050
2014-02-28 22:59:29
osv
osv
tomcat6 - security update
2014-11-23 00:00:00
tomcat6 - regression update
2014-11-23 00:00:00
tomcat7 - security update
2014-04-08 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: tomcat-7.0.52-1.fc20
2014-09-26 09:02:42
[SECURITY] Fedora 20 Update: apache-commons-fileupload-1.3-5.fc20
2014-02-17 21:06:10
[SECURITY] Fedora 19 Update: apache-commons-fileupload-1.3-5.fc19
2014-02-17 21:07:04
tomcat
tomcat
Fixed in Apache Tomcat 6.0.39
2014-01-31 00:00:00
Fixed in Apache Tomcat 8.0.3
2014-02-11 00:00:00
Fixed in Apache Tomcat 7.0.52
2014-02-17 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache Tomcat Large Chunked Transfer Denial of Service (CVE-2013-4322)
2014-03-05 00:00:00
Apache Tomcat FileUpload Content-Type Header Infinite Loop (CVE-2014-0050)
2014-03-16 00:00:00
prion
prion
Session fixation
2014-02-26 14:55:00
Design/Logic Flaw
2014-04-01 06:27:00
Design/Logic Flaw
2014-06-18 21:55:00
cve
cve
CVE-2014-0033
2014-02-26 14:55:00
CVE-2014-0050
2014-04-01 06:27:00
CVE-2013-4322
2014-02-26 14:55:00
github
github
Improper Input Validation in Apache Tomcat
2022-05-14 01:10:35
Commons FileUpload Denial of service vulnerability
2018-12-21 17:51:42
Apache Tomcat Denial of Service vulnerability
2022-05-14 01:10:35
seebug
seebug
Apache Tomcat会话固定漏洞
2014-02-27 00:00:00
Apache Commons FileUpload/Apache Tomcat拒绝服务漏洞
2014-02-13 00:00:00
Apache Commons FileUpload and Apache Tomcat - Denial-of-Service
2014-07-01 00:00:00
veracode
veracode
Denial Of Service (DoS) By An Infinite Loop Causing CPU Consumption
2019-01-15 08:58:15
Authorization Bypass
2019-05-02 05:02:08
Request-smuggling Attacks
2019-01-15 08:59:20
atlassian
atlassian
Security vulnerability in apache commons fileupload
2014-02-10 05:56:15
Security vulnerability in apache commons fileupload
2014-02-10 05:56:15
Security vulnerability in apache commons fileupload
2014-02-10 05:56:15
debiancve
debiancve
CVE-2014-0050
2014-04-01 06:27:00
CVE-2013-4322
2014-02-26 14:55:00
CVE-2013-4286
2014-02-26 14:55:00
ubuntucve
ubuntucve
CVE-2014-0033
2014-02-26 00:00:00
CVE-2014-0050
2014-02-07 00:00:00
CVE-2013-4322
2014-02-26 00:00:00
jvn
jvn
JVN#14876762: Apache Commons FileUpload vulnerable to denial-of-service (DoS)
2014-02-10 00:00:00
f5
f5
SOL15189 - Apache Commons FileUpload vulnerability CVE-2014-0050
2014-04-18 00:00:00
K15189 : Apache Commons FileUpload vulnerability CVE-2014-0050
2015-08-15 00:00:00
exploitpack
exploitpack
Apache Commons FileUpload and Apache Tomcat - Denial of Service
2014-02-12 00:00:00
zdt
zdt
Apache Commons FileUpload and Apache Tomcat Denial of Service
2014-02-12 00:00:00
suse
suse
Security update for jakarta-commons-fileupload (important)
2014-04-17 21:04:15
vmware
vmware
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00
VMware vSphere product updates to third party libraries
2014-09-09 00:00:00

8.1 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.932 High

EPSS

Percentile

99.0%

JSON
Related for USN-2130-1
openvas38nessus37securityvulns5ibm34redhat14oraclelinux3centos2amazon2debian3mageia4osv6fedora3tomcat5checkpoint_advisories2prion5cve5github4seebug6veracode3atlassian3debiancve3ubuntucve4jvn1f52exploitpack1zdt1suse1vmware2