mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-05-28 01:02:55 +00:00
252 lines
10 KiB
JSON
252 lines
10 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "secalert@redhat.com",
|
|
"ID": "CVE-2013-4286",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "n/a",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a \"Transfer-Encoding: chunked\" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "RHSA-2014:0345",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2014-0345.html"
|
|
},
|
|
{
|
|
"name": "59733",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/59733"
|
|
},
|
|
{
|
|
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2014:0686",
|
|
"refsource": "REDHAT",
|
|
"url": "https://rhn.redhat.com/errata/RHSA-2014-0686.html"
|
|
},
|
|
{
|
|
"name": "MDVSA-2015:052",
|
|
"refsource": "MANDRIVA",
|
|
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:052"
|
|
},
|
|
{
|
|
"name": "59724",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/59724"
|
|
},
|
|
{
|
|
"name": "DSA-3530",
|
|
"refsource": "DEBIAN",
|
|
"url": "http://www.debian.org/security/2016/dsa-3530"
|
|
},
|
|
{
|
|
"name": "http://tomcat.apache.org/security-7.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://tomcat.apache.org/security-7.html"
|
|
},
|
|
{
|
|
"name": "57675",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/57675"
|
|
},
|
|
{
|
|
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
|
|
"refsource": "BUGTRAQ",
|
|
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
|
|
},
|
|
{
|
|
"name": "RHSA-2014:0344",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2014-0344.html"
|
|
},
|
|
{
|
|
"name": "HPSBUX03150",
|
|
"refsource": "HP",
|
|
"url": "http://marc.info/?l=bugtraq&m=141390017113542&w=2"
|
|
},
|
|
{
|
|
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678113"
|
|
},
|
|
{
|
|
"name": "http://tomcat.apache.org/security-8.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://tomcat.apache.org/security-8.html"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
|
|
},
|
|
{
|
|
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21677147"
|
|
},
|
|
{
|
|
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21678231"
|
|
},
|
|
{
|
|
"name": "http://advisories.mageia.org/MGASA-2014-0148.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://advisories.mageia.org/MGASA-2014-0148.html"
|
|
},
|
|
{
|
|
"name": "59722",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/59722"
|
|
},
|
|
{
|
|
"name": "http://tomcat.apache.org/security-6.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://tomcat.apache.org/security-6.html"
|
|
},
|
|
{
|
|
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013"
|
|
},
|
|
{
|
|
"name": "59675",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/59675"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
|
|
},
|
|
{
|
|
"name": "USN-2130-1",
|
|
"refsource": "UBUNTU",
|
|
"url": "http://www.ubuntu.com/usn/USN-2130-1"
|
|
},
|
|
{
|
|
"name": "59873",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/59873"
|
|
},
|
|
{
|
|
"name": "RHSA-2014:0343",
|
|
"refsource": "REDHAT",
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2014-0343.html"
|
|
},
|
|
{
|
|
"name": "http://svn.apache.org/viewvc?view=revision&revision=1521854",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://svn.apache.org/viewvc?view=revision&revision=1521854"
|
|
},
|
|
{
|
|
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
|
|
"refsource": "FULLDISC",
|
|
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
|
|
},
|
|
{
|
|
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667883"
|
|
},
|
|
{
|
|
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1069921",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1069921"
|
|
},
|
|
{
|
|
"name": "HPSBOV03503",
|
|
"refsource": "HP",
|
|
"url": "http://marc.info/?l=bugtraq&m=144498216801440&w=2"
|
|
},
|
|
{
|
|
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html"
|
|
},
|
|
{
|
|
"name": "http://svn.apache.org/viewvc?view=revision&revision=1552565",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://svn.apache.org/viewvc?view=revision&revision=1552565"
|
|
},
|
|
{
|
|
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21675886"
|
|
},
|
|
{
|
|
"name": "http://svn.apache.org/viewvc?view=revision&revision=1521829",
|
|
"refsource": "CONFIRM",
|
|
"url": "http://svn.apache.org/viewvc?view=revision&revision=1521829"
|
|
},
|
|
{
|
|
"name": "65773",
|
|
"refsource": "BID",
|
|
"url": "http://www.securityfocus.com/bid/65773"
|
|
},
|
|
{
|
|
"name": "59036",
|
|
"refsource": "SECUNIA",
|
|
"url": "http://secunia.com/advisories/59036"
|
|
}
|
|
]
|
|
}
|
|
} |