CVE-2013-4322 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2013-4322 Interim 1 15 2024-06-12T01:55:07Z current 2021-05-30T13:14:04Z 2024-06-12T01:55:07Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2013-4322 Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2014-August/000960.html E-Mail link for SUSE-SU-2014:1015-1 https://www.suse.com/support/kb/doc/?id=7017332 E-Mail link for TID7017332 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 7 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server for SAP Applications 11 SP3 libtcnative-1-0-1.3.3-12.2.1 tomcat-7.0.42-5.el7_0 tomcat-admin-webapps-7.0.42-5.el7_0 tomcat-docs-webapp-7.0.42-5.el7_0 tomcat-el-2.2-api-7.0.42-5.el7_0 tomcat-javadoc-7.0.42-5.el7_0 tomcat-jsp-2.2-api-7.0.42-5.el7_0 tomcat-jsvc-7.0.42-5.el7_0 tomcat-lib-7.0.42-5.el7_0 tomcat-servlet-3.0-api-7.0.42-5.el7_0 tomcat-webapps-7.0.42-5.el7_0 tomcat6-6.0.41-0.43.1 tomcat6-admin-webapps-6.0.41-0.43.1 tomcat6-docs-webapp-6.0.41-0.43.1 tomcat6-javadoc-6.0.41-0.43.1 tomcat6-jsp-2_1-api-6.0.41-0.43.1 tomcat6-lib-6.0.41-0.43.1 tomcat6-servlet-2_5-api-6.0.41-0.43.1 tomcat6-webapps-6.0.41-0.43.1 tomcat-7.0.42-5.el7_0 as a component of SUSE Liberty Linux 7 tomcat-admin-webapps-7.0.42-5.el7_0 as a component of SUSE Liberty Linux 7 tomcat-docs-webapp-7.0.42-5.el7_0 as a component of SUSE Liberty Linux 7 tomcat-el-2.2-api-7.0.42-5.el7_0 as a component of SUSE Liberty Linux 7 tomcat-javadoc-7.0.42-5.el7_0 as a component of SUSE Liberty Linux 7 tomcat-jsp-2.2-api-7.0.42-5.el7_0 as a component of SUSE Liberty Linux 7 tomcat-jsvc-7.0.42-5.el7_0 as a component of SUSE Liberty Linux 7 tomcat-lib-7.0.42-5.el7_0 as a component of SUSE Liberty Linux 7 tomcat-servlet-3.0-api-7.0.42-5.el7_0 as a component of SUSE Liberty Linux 7 tomcat-webapps-7.0.42-5.el7_0 as a component of SUSE Liberty Linux 7 libtcnative-1-0-1.3.3-12.2.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-admin-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-docs-webapp-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-javadoc-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-jsp-2_1-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-lib-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-servlet-2_5-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3 tomcat6-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3 libtcnative-1-0-1.3.3-12.2.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA tomcat6-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA tomcat6-admin-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA tomcat6-docs-webapp-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA tomcat6-javadoc-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA tomcat6-jsp-2_1-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA tomcat6-lib-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA tomcat6-servlet-2_5-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA tomcat6-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA libtcnative-1-0-1.3.3-12.2.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 tomcat6-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 tomcat6-admin-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 tomcat6-docs-webapp-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 tomcat6-javadoc-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 tomcat6-jsp-2_1-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 tomcat6-lib-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 tomcat6-servlet-2_5-api-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 tomcat6-webapps-6.0.41-0.43.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544. CVE-2013-4322 SUSE Liberty Linux 7:tomcat-7.0.42-5.el7_0 SUSE Liberty Linux 7:tomcat-admin-webapps-7.0.42-5.el7_0 SUSE Liberty Linux 7:tomcat-docs-webapp-7.0.42-5.el7_0 SUSE Liberty Linux 7:tomcat-el-2.2-api-7.0.42-5.el7_0 SUSE Liberty Linux 7:tomcat-javadoc-7.0.42-5.el7_0 SUSE Liberty Linux 7:tomcat-jsp-2.2-api-7.0.42-5.el7_0 SUSE Liberty Linux 7:tomcat-jsvc-7.0.42-5.el7_0 SUSE Liberty Linux 7:tomcat-lib-7.0.42-5.el7_0 SUSE Liberty Linux 7:tomcat-servlet-3.0-api-7.0.42-5.el7_0 SUSE Liberty Linux 7:tomcat-webapps-7.0.42-5.el7_0 SUSE Linux Enterprise Server 11 SP3:libtcnative-1-0-1.3.3-12.2.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-admin-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-docs-webapp-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-javadoc-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-jsp-2_1-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-lib-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-servlet-2_5-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3:tomcat6-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:libtcnative-1-0-1.3.3-12.2.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-admin-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-docs-webapp-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-javadoc-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-jsp-2_1-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-lib-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-servlet-2_5-api-6.0.41-0.43.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:tomcat6-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:libtcnative-1-0-1.3.3-12.2.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-6.0.41-0.43.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-admin-webapps-6.0.41-0.43.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-docs-webapp-6.0.41-0.43.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-javadoc-6.0.41-0.43.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-jsp-2_1-api-6.0.41-0.43.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-lib-6.0.41-0.43.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-servlet-2_5-api-6.0.41-0.43.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:tomcat6-webapps-6.0.41-0.43.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P