CVE-2013-4322

Published: 26 February 2014

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Priority

Medium

Status

Package Release Status
tomcat6
Upstream: Released (6.0.39)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (6.0.39-1)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (6.0.39-1)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1556540
tomcat7
Upstream: Released (7.0.50)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (7.0.52-1)
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (7.0.52-1)
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1521864
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1549523
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1549526