CVE-2013-4286

Apache Tomcat < 6.0.39, 7.x < 7.0.47, 8.x < 8.0.0-RC3 - Request Smuggling via Inconsistent HTTP Headers

Title source: llm
STIX 2.1

Description

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

References (45)

Core 45
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0345.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2014-0686.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0344.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-0343.html
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21678113
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21678231
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2130-1
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1069921
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/65773
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=144498216801440&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59733
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59724
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3530
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-7.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/57675
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534161/100/0/threaded
Mailing List vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=141390017113542&w=2
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-8.html
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21677147
Third Party Advisory x_refsource_confirm
http://advisories.mageia.org/MGASA-2014-0148.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59722
Vendor Advisory x_refsource_confirm
http://tomcat.apache.org/security-6.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59675
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59873
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Dec/23
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21667883
Various Sources x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21675886
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/59036

Scores

EPSS 0.2360
EPSS Percentile 96.1%

Details

CWE
CWE-20
Status published
Products (46)
apache/tomcat 7.0.0 (2 CPE variants)
apache/tomcat 7.0.1
apache/tomcat 7.0.2 (2 CPE variants)
apache/tomcat 7.0.3
apache/tomcat 7.0.4 (2 CPE variants)
apache/tomcat 7.0.10
apache/tomcat 7.0.11
apache/tomcat 7.0.12
apache/tomcat 7.0.13
apache/tomcat 7.0.14
... and 36 more
Published Feb 26, 2014
Tracked Since Feb 18, 2026