CVE-2013-4322 — Uncontrolled Resource Consumption in Apache Tomcat

CWE-400 — Uncontrolled Resource Consumption9 documents7 sources
Severity
4.3MEDIUMNVD
CNA5.0GHSA5.0OSV5.0
EPSS
36.7%
top 2.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apache Tomcat
Timeline
PublishedFeb 26
Latest updateMay 14

Description

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDapache/tomcat6.0.37+173

🔴Vulnerability Details

4
OSV
Apache Tomcat Denial of Service vulnerability↗2022-05-14
â–¶
GHSA
Apache Tomcat Denial of Service vulnerability↗2022-05-14
â–¶
CVEList
CVE-2013-4322: Apache Tomcat before 6↗2014-02-26
â–¶
OSV
CVE-2013-4322: Apache Tomcat before 6↗2014-02-26
â–¶

📋Vendor Advisories

2
Ubuntu
Tomcat vulnerabilities↗2014-03-06
â–¶
Red Hat
tomcat: incomplete fix for CVE-2012-3544↗2014-02-25
â–¶

💬Community

2
Bugzilla
CVE-2013-4322 CVE-2013-4590 CVE-2013-4286 tomcat: various flaws [fedora-all]↗2014-02-25
â–¶
Bugzilla
CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544↗2014-02-25
â–¶
CVE-2013-4322 — Uncontrolled Resource Consumption | cvebase