Vulnerability Description
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 7.0.0 |
Related Weaknesses (CWE)
References
- http://advisories.mageia.org/MGASA-2014-0148.html
- http://marc.info/?l=bugtraq&m=144498216801440&w=2
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/59036
- http://secunia.com/advisories/59675
- http://secunia.com/advisories/59722
- http://secunia.com/advisories/59724
- http://secunia.com/advisories/59873
- http://svn.apache.org/viewvc?view=revision&revision=1521834
- http://svn.apache.org/viewvc?view=revision&revision=1521864
- http://svn.apache.org/viewvc?view=revision&revision=1549522
- http://svn.apache.org/viewvc?view=revision&revision=1549523
- http://svn.apache.org/viewvc?view=revision&revision=1556540
- http://tomcat.apache.org/security-6.htmlVendor Advisory
- http://tomcat.apache.org/security-7.htmlVendor Advisory
FAQ
What is CVE-2013-4322?
CVE-2013-4322 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace charact...
How severe is CVE-2013-4322?
CVE-2013-4322 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4322?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.