CVE-2013-4286

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.

Published Bysecalert@redhat.com

Published DateFeb 26, 2014, 14:55

Affected Versions(3)

org.apache.tomcat:tomcat(Maven)

Introduced0

Fixed6.0.39

LimitN/A

org.apache.tomcat:tomcat(Maven)

Introduced7.0.0

Fixed7.0.47

LimitN/A

org.apache.tomcat:tomcat(Maven)

Introduced8.0.0-RC1

Fixed8.0.0-RC3

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.tomcat:tomcat(Maven)	0	6.0.39	N/A
org.apache.tomcat:tomcat(Maven)	7.0.0	7.0.47	N/A
org.apache.tomcat:tomcat(Maven)	8.0.0-RC1	8.0.0-RC3	N/A

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

5.8

Vector String

AV:N/AC:M/Au:N/C:P/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

NONE

References

Weakness Type (CWE):CWE-20

CVSS Metrics

Base Score

5.8

Vector String

AV:N/AC:M/Au:N/C:P/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

NONE