PublicDateAtUSN: 2014-02-26
Candidate: CVE-2013-4286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4286
http://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-7.html
http://tomcat.apache.org/security-6.html
https://usn.ubuntu.com/usn/usn-2130-1
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3,
when an HTTP connector or AJP connector is used, does not properly handle
certain inconsistent HTTP request headers, which allows remote attackers to
trigger incorrect identification of a request's length and conduct
request-smuggling attacks via (1) multiple Content-Length headers or (2) a
Content-Length header and a "Transfer-Encoding: chunked" header. NOTE:
this vulnerability exists because of an incomplete fix for CVE-2005-2090.
https://bugzilla.redhat.com/show_bug.cgi?id=1069921
upstream: http://svn.apache.org/viewvc?view=revision&revision=1552565
upstream_tomcat6: released (6.0.39)
lucid_tomcat6: released (6.0.24-2ubuntu1.15)
precise_tomcat6: released (6.0.35-1ubuntu3.4)
precise/esm_tomcat6: released (6.0.35-1ubuntu3.4)
quantal_tomcat6: ignored (reached end-of-life)
saucy_tomcat6: ignored (reached end-of-life)
trusty_tomcat6: not-affected (6.0.39-1)
utopic_tomcat6: not-affected (6.0.39-1)
vivid_tomcat6: not-affected (6.0.39-1)
vivid/stable-phone-overlay_tomcat6: DNE
vivid/ubuntu-core_tomcat6: DNE
wily_tomcat6: not-affected (6.0.39-1)
xenial_tomcat6: not-affected (6.0.39-1)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1518197 (backport)
upstream: http://svn.apache.org/viewvc?view=revision&revision=1521854
upstream_tomcat7: released (7.0.47)
precise_tomcat7: ignored (reached end-of-life)
precise/esm_tomcat7: DNE (precise was needed)
quantal_tomcat7: released (7.0.30-0ubuntu1.3)
saucy_tomcat7: released (7.0.42-1ubuntu0.1)
trusty_tomcat7: not-affected (7.0.52-1)
utopic_tomcat7: not-affected (7.0.52-1)
vivid_tomcat7: not-affected (7.0.52-1)
vivid/stable-phone-overlay_tomcat7: DNE
vivid/ubuntu-core_tomcat7: DNE
wily_tomcat7: not-affected (7.0.52-1)
xenial_tomcat7: not-affected (7.0.52-1)
yakkety_tomcat7: not-affected (7.0.52-1)
zesty_tomcat7: not-affected (7.0.52-1)
devel_tomcat7: not-affected (7.0.52-1)