CVE-2013-4286

Public on 2014-02-26
Modified on 2014-09-18
Description
It was found that when Tomcat / JBoss Web processed a series of HTTP requests in which at least one request contained either multiple content-length headers, or one content-length header with a chunked transfer-encoding header, Tomcat / JBoss Web would incorrectly handle the request. A remote attacker could use this flaw to poison a web cache, perform cross-site scripting (XSS) attacks, or obtain sensitive information from other requests.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 tomcat6 2014-05-21 ALAS-2014-344 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N
NVD CVSSv2 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N