Description

Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.

Remediation

References

CVE-2013-4322

Related Vulnerabilities

WordPress Plugin BuddyDrive Cross-Site Scripting (1.2.2)

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Security Bypass (3.1.0)

WordPress Plugin Listing, Classified Ads & Business Directory-uListing SQL Injection (2.0.3)

Envoy Proxy CVE-2019-18802 Vulnerability (CVE-2019-18802)

Lighttpd Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-4360)

Severity

Medium

Classification

CVE-2013-4322 CWE-20

Tags

Missing Update Known Vulnerabilities