CVE-2012-3544: Improper Input Validation in Apache Tomcat

Severity: 5.0 MEDIUM (NVD)
EPSS: 44.8% (top 2.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 1
Latest update: May 14

Description

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: apache/tomcat (59 versions)

Patches

🔴 Vulnerability Details (5)

GHSA: Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions (2022-05-14)
OSV: Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions (2022-05-14)
GHSA: Apache Tomcat Denial of Service vulnerability (2022-05-14)
CVEList: CVE-2012-3544: Apache Tomcat 6 (2013-06-01)
OSV: CVE-2012-3544: Apache Tomcat 6 (2012-12-31)

📋 Vendor Advisories (4)

Red Hat: tomcat: incomplete fix for CVE-2012-3544 (2014-02-25)
Ubuntu: Tomcat vulnerabilities (2013-05-28)
Red Hat: tomcat: Limited DoS in chunked transfer encoding input filter (2013-05-10)
Apache: Apache tomcat: CVE-2012-3544

💬 Community (3)

Bugzilla: CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544 (2014-02-25)
Bugzilla: CVE-2012-3544 tomcat: Limited DoS in chunked transfer encoding input filter (2013-05-10)
Bugzilla: CVE-2013-2067 CVE-2012-3544 tomcat6 various flaws [fedora-all] (2013-05-10)