mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-16 20:27:21 +00:00
22 lines
1.1 KiB
Markdown
22 lines
1.1 KiB
Markdown
|
### [CVE-2013-4322](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322)
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
### Description
|
||
|
|
|
||
|
|
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
|
||
|
|
|
||
|
|
### POC
|
||
|
|
|
||
|
|
#### Reference
|
||
|
|
- http://seclists.org/fulldisclosure/2014/Dec/23
|
||
|
|
- http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
|
||
|
|
- http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
|
||
|
|
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
|
||
|
|
- http://www.vmware.com/security/advisories/VMSA-2014-0012.html
|
||
|
|
|
||
|
|
#### Github
|
||
|
|
No PoCs found on GitHub currently.
|
||
|
|
|