Signature Detail

HTTP: Apache Tomcat Large Chunked Transfer Denial of Service

A denial of service vulnerability has been identified in Apache Tomcat as it processes Chunked-Transfer encoded requests. A successful attack can result in a denial-of-service condition.

Extended Description

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Affected Products

• Apache tomcat 6.0
• Apache tomcat 6.0.0
• Apache tomcat 6.0.1
• Apache tomcat 6.0.10
• Apache tomcat 6.0.11
• Apache tomcat 6.0.12
• Apache tomcat 6.0.13
• Apache tomcat 6.0.14
• Apache tomcat 6.0.15
• Apache tomcat 6.0.16
• Apache tomcat 6.0.17
• Apache tomcat 6.0.18
• Apache tomcat 6.0.19
• Apache tomcat 6.0.2
• Apache tomcat 6.0.20
• Apache tomcat 6.0.24
• Apache tomcat 6.0.26
• Apache tomcat 6.0.27
• Apache tomcat 6.0.28
• Apache tomcat 6.0.29
• Apache tomcat 6.0.3
• Apache tomcat 6.0.30
• Apache tomcat 6.0.31
• Apache tomcat 6.0.32
• Apache tomcat 6.0.33
• Apache tomcat 6.0.35
• Apache tomcat 6.0.36
• Apache tomcat 6.0.4
• Apache tomcat 6.0.5
• Apache tomcat 6.0.6
• Apache tomcat 6.0.7
• Apache tomcat 6.0.8
• Apache tomcat 6.0.9
• Apache tomcat 7.0.0
• Apache tomcat 7.0.1
• Apache tomcat 7.0.10
• Apache tomcat 7.0.11
• Apache tomcat 7.0.12
• Apache tomcat 7.0.13
• Apache tomcat 7.0.14
• Apache tomcat 7.0.15
• Apache tomcat 7.0.16
• Apache tomcat 7.0.17
• Apache tomcat 7.0.18
• Apache tomcat 7.0.19
• Apache tomcat 7.0.2
• Apache tomcat 7.0.20
• Apache tomcat 7.0.21
• Apache tomcat 7.0.22
• Apache tomcat 7.0.23
• Apache tomcat 7.0.25
• Apache tomcat 7.0.28
• Apache tomcat 7.0.3
• Apache tomcat 7.0.4
• Apache tomcat 7.0.5
• Apache tomcat 7.0.6
• Apache tomcat 7.0.7
• Apache tomcat 7.0.8
• Apache tomcat 7.0.9

References

• CVE: CVE-2012-3544
• CVE: CVE-2013-4322