CVE-2013-4286
Published 2014-02-26
Priority: P338 · Severity: medium · CVSS 2.0 base score: 5.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
EPSS: 16.83% (96.7th percentile)
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
Affected
173 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | <= 6.0.37 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| ghsa | — | 4.3 | MEDIUM | — |
| osv | — | 4.3 | MEDIUM | — |
| vendor_ubuntu | — | 5.8 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
Ubuntu
Tomcat vulnerabilities
vendor_ubuntu · 2014-03-06 · CVSS 5.8 · MEDIUM
Summary: Several security issues were fixed in Tomcat.
It was discovered that Tomcat incorrectly handled certain inconsistent
HTTP headers. A remote attacker could possibly use this flaw to conduct
request smuggling attacks. (CVE-2013-4286)
It was discovered that Tomcat incorrectly handled certain requests
submitted using chunked transfer encoding. A remote attacker could use this
flaw to cause the Tomcat server to stop responding, resulting in a denial
of service. (CVE-2013-4322)
It was discovered that Tomcat incorrectly applied the disableURLRewriting
setting when handling a session id in a URL. A remote attacker could
possibly use this flaw to conduct session fixation attacks. This issue
only applied to Ubuntu 12.04 LTS. (CVE-2014-0033)
It was discover
Red Hat
tomcat: multiple content-length header poisoning flaws
vendor_redhat · 2014-02-25 · CVSS 4.3 · MEDIUM
It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomc
GHSA
Apache Tomcat is vulnerable to HTTP request-smuggling
ghsa · 2022-05-14 · CVSS 4.3 · MEDIUM · CWE-20
OSV
Apache Tomcat is vulnerable to HTTP request-smuggling
osv · 2022-05-14 · CVSS 4.3 · MEDIUM
OSV
CVE-2013-4286: Apache Tomcat before 6
osv · 2014-02-26 · CVSS 4.3 · MEDIUM
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4322 CVE-2013-4590 CVE-2013-4286 tomcat: various flaws [fedora-all]
bugzilla · 2014-02-25 · CVSS 5.8 · MEDIUM
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affe
Bugzilla
CVE-2013-4286 tomcat: multiple content-length header poisoning flaws
bugzilla · 2014-02-25 · CVSS 4.3 · MEDIUM
The Tomcat fix for CVE-2005-2090 was not complete. It did not cover the following cases:
- content-length header with chunked encoding over any HTTP connector
- multiple content-length headers over any AJP connector
Requests with multiple content-length headers, or with a content-length header when chunked encoding is being used, should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests in which one or more requests contain either multiple content-length headers or a content-length header together with chunked encoding, and several of those components do not reject the request but make different decisions about which content-length header to use, an attacker can
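The rejection rule the Bugzilla text states (multiple Content-Length headers, or Content-Length alongside Transfer-Encoding: chunked, must be refused rather than guessed at) is easy to get wrong when each hop applies its own guess. The following is an added example of a strict framing check, written for this record; it is not Tomcat's connector code. The function, class and header-sample names are all constructed for the example, and the sample requests are synthetic rather than captured traffic.

```python
"""Reject HTTP/1.1 requests whose body length is ambiguous (added example)."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Framing:
    """How the body of an accepted request is delimited."""
    mode: str            # "content-length", "chunked" or "none"
    length: int = 0      # body length when mode == "content-length"


class AmbiguousFraming(ValueError):
    """Raised for requests whose body boundary cannot be determined safely."""


def parse_headers(header_block: bytes) -> list[tuple[str, str]]:
    """Split a header block into (lower-cased name, value) pairs; reject malformed lines."""
    pairs = []
    for line in header_block.split(b"\r\n"):
        if not line:
            continue
        if b":" not in line:
            raise AmbiguousFraming(f"malformed header line: {line!r}")
        name, value = line.split(b":", 1)
        pairs.append((name.strip().lower().decode("ascii"),
                      value.strip().decode("ascii")))
    return pairs


def decide_framing(raw: bytes) -> Framing:
    """Return the framing of one raw request, or raise AmbiguousFraming.

    Only the header block is inspected; whatever follows the blank line is ignored.
    """
    head, _sep, _body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    if not request_line:
        raise AmbiguousFraming("missing request line")
    headers = parse_headers(header_block)

    content_lengths = [v for n, v in headers if n == "content-length"]
    # Transfer-Encoding is a list header; "chunked" may be one of several codings.
    codings = [c.strip().lower()
               for n, v in headers if n == "transfer-encoding"
               for c in v.split(",")]

    # Case (2) from the CVE text: Content-Length together with chunked encoding.
    if content_lengths and "chunked" in codings:
        raise AmbiguousFraming("Content-Length present with Transfer-Encoding: chunked")

    # Case (1): more than one Content-Length header, even if the values agree.
    if len(content_lengths) > 1:
        raise AmbiguousFraming(f"multiple Content-Length headers: {content_lengths}")

    if "chunked" in codings:
        if codings[-1] != "chunked":
            # RFC 7230 requires chunked to be the final coding; otherwise length is unknown.
            raise AmbiguousFraming("chunked is not the final transfer coding")
        return Framing("chunked")

    if content_lengths:
        value = content_lengths[0]
        # isdigit() also rejects list-style values such as "5, 5" and negatives.
        if not value.isdigit():
            raise AmbiguousFraming(f"non-numeric Content-Length: {value!r}")
        return Framing("content-length", int(value))

    return Framing("none")


# Constructed sample requests (not real traffic), one per rule above.
SAMPLES = {
    "plain":     b"POST /a HTTP/1.1\r\nHost: x\r\nContent-Length: 5\r\n\r\nhello",
    "chunked":   b"POST /a HTTP/1.1\r\nHost: x\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "double_cl": b"POST /a HTTP/1.1\r\nHost: x\r\nContent-Length: 5\r\nContent-Length: 5\r\n\r\nhello",
    "cl_and_te": b"POST /a HTTP/1.1\r\nHost: x\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n",
    "no_body":   b"GET /a HTTP/1.1\r\nHost: x\r\n\r\n",
}


def classify(raw: bytes) -> str:
    """Map one request to an accept/reject verdict string."""
    try:
        framing = decide_framing(raw)
    except AmbiguousFraming as exc:
        return f"reject ({exc})"
    return f"accept:{framing.mode}"


def run_samples() -> dict[str, str]:
    """Classify every constructed sample; used by the stand-alone run below."""
    return {name: classify(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:10} -> {verdict}")
```

The check is deliberately stricter than a lenient parser: duplicate Content-Length headers are refused even when their values match, because the point of the fix is that every hop in the chain must reach the same verdict, and "reject" is the only verdict that cannot be interpreted two ways. Applying the same rule on a reverse proxy in front of an unpatched Tomcat removes the disagreement that the poisoning relies on, though upgrading to the fixed versions listed above is the actual remedy.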
References
- http://advisories.mageia.org/MGASA-2014-0148.html
- http://marc.info/?l=bugtraq&m=141390017113542&w=2
- http://marc.info/?l=bugtraq&m=144498216801440&w=2
- http://rhn.redhat.com/errata/RHSA-2014-0343.html
- http://rhn.redhat.com/errata/RHSA-2014-0344.html
- http://rhn.redhat.com/errata/RHSA-2014-0345.html
- http://seclists.org/fulldisclosure/2014/Dec/23
- http://secunia.com/advisories/57675
- http://secunia.com/advisories/59036
- http://secunia.com/advisories/59675
- http://secunia.com/advisories/59722
- http://secunia.com/advisories/59724
- http://secunia.com/advisories/59733
- http://secunia.com/advisories/59873
- http://svn.apache.org/viewvc?view=revision&revision=1521829
- http://svn.apache.org/viewvc?view=revision&revision=1521854
- http://svn.apache.org/viewvc?view=revision&revision=1552565
- http://tomcat.apache.org/security-6.html
- http://tomcat.apache.org/security-7.html
- http://tomcat.apache.org/security-8.html
- http://www-01.ibm.com/support/docview.wss?uid=swg21667883
- http://www-01.ibm.com/support/docview.wss?uid=swg21675886
- http://www-01.ibm.com/support/docview.wss?uid=swg21677147
- http://www-01.ibm.com/support/docview.wss?uid=swg21678113
- http://www-01.ibm.com/support/docview.wss?uid=swg21678231
- http://www.debian.org/security/2016/dsa-3530
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
- http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
- http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
- http://www.securityfocus.com/archive/1/534161/100/0/threaded
- http://www.securityfocus.com/bid/65773
- http://www.ubuntu.com/usn/USN-2130-1
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1069921
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
- https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
- https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
- https://rhn.redhat.com/errata/RHSA-2014-0686.html