CVE-2013-4286

MEDIUM

Description

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

References

http://advisories.mageia.org/MGASA-2014-0148.html

http://marc.info/?l=bugtraq&m=141390017113542&w=2

http://marc.info/?l=bugtraq&m=144498216801440&w=2

http://rhn.redhat.com/errata/RHSA-2014-0343.html

http://rhn.redhat.com/errata/RHSA-2014-0344.html

http://rhn.redhat.com/errata/RHSA-2014-0345.html

http://seclists.org/fulldisclosure/2014/Dec/23

http://secunia.com/advisories/57675

http://secunia.com/advisories/59036

http://secunia.com/advisories/59675

http://secunia.com/advisories/59722

http://secunia.com/advisories/59724

http://secunia.com/advisories/59733

http://secunia.com/advisories/59873

http://svn.apache.org/viewvc?view=revision&revision=1521829

http://svn.apache.org/viewvc?view=revision&revision=1521854

http://svn.apache.org/viewvc?view=revision&revision=1552565

http://tomcat.apache.org/security-6.html

http://tomcat.apache.org/security-7.html

http://tomcat.apache.org/security-8.html

http://www.debian.org/security/2016/dsa-3530

http://www.mandriva.com/security/advisories?name=MDVSA-2015:052

http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html

http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html

http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

http://www.securityfocus.com/archive/1/534161/100/0/threaded

http://www.securityfocus.com/bid/65773

http://www.ubuntu.com/usn/USN-2130-1

http://www.vmware.com/security/advisories/VMSA-2014-0012.html

http://www-01.ibm.com/support/docview.wss?uid=swg21667883

http://www-01.ibm.com/support/docview.wss?uid=swg21675886

http://www-01.ibm.com/support/docview.wss?uid=swg21677147

http://www-01.ibm.com/support/docview.wss?uid=swg21678113

http://www-01.ibm.com/support/docview.wss?uid=swg21678231

https://bugzilla.redhat.com/show_bug.cgi?id=1069921

https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.tomcat.apache.org%3E

https://rhn.redhat.com/errata/RHSA-2014-0686.html

Details

Source: MITRE

Published: 2014-02-26

Updated: 2019-04-15

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 5.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Impact Score: 4.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.37:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.38:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.39:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.40:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.41:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.42:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.43:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.44:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.45:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:7.0.46:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:apache:tomcat:8.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:8.0.0:rc2:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:apache:tomcat:1.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.2.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.2.2:beta2:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.3.1a:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.21:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.22:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.23:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.25:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.34:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:5.5.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*

cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* versions up to 6.0.37 (inclusive)

Tenable Plugins

View all (23 total)

IDNameProductFamilySeverity
121116Apache Tomcat 7.0.x < 7.0.47 / 8.0.x < 8.0.0-RC3 Information DisclosureNessusWeb Servers
medium
90205Debian DSA-3530-1 : tomcat6 - security updateNessusDebian Local Security Checks
high
84401IBM Storwize 1.3.x < 1.4.3.4 / 1.5.x < 1.5.0.2 Multiple VulnerabilitiesNessusMisc.
high
81935Mandriva Linux Security Advisory : tomcat (MDVSA-2015:052)NessusMandriva Local Security Checks
medium
80793Oracle Solaris Third-Party Patch Update : tomcat (multiple_vulnerabilities_in_apache_tomcat4)NessusSolaris Local Security Checks
medium
79982GLSA-201412-29 : Apache Tomcat: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
78287Amazon Linux AMI : tomcat6 (ALAS-2014-344)NessusAmazon Linux Local Security Checks
high
77928Fedora 20 : tomcat-7.0.52-1.fc20 (2014-11048)NessusFedora Local Security Checks
medium
76895RHEL 7 : tomcat (RHSA-2014:0686)NessusRed Hat Local Security Checks
medium
76733Oracle Linux 7 : tomcat (ELSA-2014-0686)NessusOracle Linux Local Security Checks
medium
76570Oracle Secure Global Desktop Multiple Vulnerabilities (July 2014 CPU)NessusMisc.
high
76241RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0526)NessusRed Hat Local Security Checks
high
76240RHEL 5 / 6 : JBoss Web Server (RHSA-2014:0525)NessusRed Hat Local Security Checks
high
73679Scientific Linux Security Update : tomcat6 on SL6.x (noarch) (20140423)NessusScientific Linux Local Security Checks
high
73678RHEL 6 : tomcat6 (RHSA-2014:0429)NessusRed Hat Local Security Checks
high
73677Oracle Linux 6 : tomcat6 (ELSA-2014-0429)NessusOracle Linux Local Security Checks
high
73675CentOS 6 : tomcat6 (CESA-2014:0429)NessusCentOS Local Security Checks
high
73421Debian DSA-2897-1 : tomcat7 - security updateNessusDebian Local Security Checks
high
73284RHEL 6 : JBoss EAP (RHSA-2014:0344)NessusRed Hat Local Security Checks
medium
73283RHEL 5 : JBoss EAP (RHSA-2014:0343)NessusRed Hat Local Security Checks
medium
72874Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : tomcat6, tomcat7 vulnerabilities (USN-2130-1)NessusUbuntu Local Security Checks
high
8141Apache Tomcat 6.0.x < 6.0.39 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
medium
72690Apache Tomcat 6.0.x < 6.0.39 Multiple VulnerabilitiesNessusWeb Servers
medium