CVE-2012-3544

Apache Tomcat 6.x < 6.0.37 and 7.x < 7.0.30 - Denial of Service via Chunked Transfer Coding

Title source: llm
STIX 2.1

Description

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

References (21)

Core 21
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/59797
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-7.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-6.html
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Dec/23
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1841-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64758

Scores

EPSS 0.1100
EPSS Percentile 95.4%

Details

CWE
CWE-20
Status published
Products (38)
apache/tomcat 6.0
apache/tomcat 6.0.0 (2 CPE variants)
apache/tomcat 6.0.1 (2 CPE variants)
apache/tomcat 6.0.2 (3 CPE variants)
apache/tomcat 6.0.3
apache/tomcat 6.0.4 (2 CPE variants)
apache/tomcat 6.0.5
apache/tomcat 6.0.6 (2 CPE variants)
apache/tomcat 6.0.7 (3 CPE variants)
apache/tomcat 6.0.8 (2 CPE variants)
... and 28 more
Published Jun 01, 2013
Tracked Since Feb 18, 2026