
CVE-2013-4286

Published: 26 February 2014

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
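The two ambiguous cases named in the description (several Content-Length headers that disagree, or Content-Length alongside Transfer-Encoding: chunked) are exactly what a request parser must refuse rather than guess at, because a front-end proxy and the back-end server that pick different rules will disagree on where one request ends and the next begins. The following Python is an added illustration of the strict framing decision that RFC 7230 section 3.3.3 allows a server to take; it is not Tomcat's code nor anything from the Ubuntu tracker, and the request bytes it parses are constructed for the example.

```python
# Added example (not Apache Tomcat's parser): a strict HTTP/1.1 message-framing
# check that refuses the ambiguous header combinations behind CVE-2013-4286.
import re
from typing import Dict, List, Tuple

# RFC 7230 "token" characters, used to validate header field names.
_TOKEN_RE = re.compile(rb"^[A-Za-z0-9!#$%&'*+.^_`|~-]+$")
_DIGITS_RE = re.compile(r"^[0-9]+$")


def _reject(reason: str) -> Dict[str, object]:
    """Uniform result for a request the server should answer with 400 and close."""
    return {"ok": False, "framing": None, "length": None, "reason": reason}


def parse_head(raw: bytes) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a request head into (request-line, [(lowercased name, value), ...]).

    Raises ValueError on malformed lines; obsolete line folding is refused
    outright because it is another way to make two parsers see different headers.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("ascii")
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            raise ValueError("obsolete line folding not accepted")
        name, colon, value = line.partition(b":")
        if not colon or not _TOKEN_RE.match(name):
            raise ValueError("malformed header line")
        headers.append((name.decode("ascii").lower(), value.strip().decode("latin-1")))
    return request_line, headers


def decide_framing(headers: List[Tuple[str, str]]) -> Dict[str, object]:
    """Decide how the body is delimited, or reject when the headers are ambiguous.

    Rules applied (stricter than the RFC minimum, which only says a server MAY reject):
      * Transfer-Encoding present together with Content-Length  -> reject
      * Transfer-Encoding whose final coding is not "chunked"    -> reject
      * Content-Length values that are non-numeric or disagree   -> reject
      * identical repeated Content-Length values                 -> accept (RFC permits)
    """
    te: List[str] = []
    cl: List[str] = []
    for name, value in headers:
        if name == "transfer-encoding":
            te.extend(t.strip().lower() for t in value.split(","))
        elif name == "content-length":
            cl.extend(c.strip() for c in value.split(","))

    if te:
        if cl:
            return _reject("Transfer-Encoding and Content-Length both present")
        if te[-1] != "chunked":
            return _reject("Transfer-Encoding without final chunked coding")
        return {"ok": True, "framing": "chunked", "length": None, "reason": ""}

    if cl:
        if any(not _DIGITS_RE.match(c) for c in cl):
            return _reject("non-numeric Content-Length")
        if len(set(cl)) != 1:
            return _reject("conflicting Content-Length values")
        return {"ok": True, "framing": "content-length", "length": int(cl[0]), "reason": ""}

    # No body-delimiting header at all: the message has no body.
    return {"ok": True, "framing": "none", "length": 0, "reason": ""}


def check_request(raw: bytes) -> Dict[str, object]:
    """Parse a raw request head and return the framing decision for it."""
    try:
        _line, headers = parse_head(raw)
    except ValueError as exc:
        return _reject(str(exc))
    return decide_framing(headers)


if __name__ == "__main__":
    # Constructed sample requests covering the cases named in the CVE text.
    samples = {
        "plain GET": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
        "single CL": b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello",
        "two differing CL": b"POST / HTTP/1.1\r\nContent-Length: 5\r\nContent-Length: 7\r\n\r\n",
        "CL plus TE chunked": b"POST / HTTP/1.1\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
        "TE chunked only": b"POST / HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n",
    }
    for label, raw in samples.items():
        print(f"{label:20s} -> {check_request(raw)}")
```

The point of `decide_framing` is that it never picks a winner between two framing rules: any request a downstream or upstream parser might frame differently is turned away, which is the only outcome that removes the desynchronisation an attacker would otherwise exploit.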

Priority

Medium

Status

Package: tomcat6 (Launchpad, Ubuntu, Debian)
  Upstream: Released (6.0.39)
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (6.0.39-1)
  Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (6.0.39-1)
  Patches:
    Upstream: http://svn.apache.org/viewvc?view=revision&revision=1552565

Package: tomcat7 (Launchpad, Ubuntu, Debian)
  Upstream: Released (7.0.47)
  Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (7.0.52-1)
  Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (7.0.52-1)
  Patches:
    Upstream: http://svn.apache.org/viewvc?view=revision&revision=1518197 (backport)
    Upstream: http://svn.apache.org/viewvc?view=revision&revision=1521854