NVD Vulnerability Detail

CVE-2013-4322

Summary	Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
Publication Date	Feb. 26, 2014, 11:55 p.m.
Registration Date	Jan. 26, 2021, 3:43 p.m.
Last Update	Nov. 21, 2024, 10:55 a.m.

CVSS2.0 : MEDIUM
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:N/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
cpe:2.3:a:apache:tomcat:3.1:::::::*
cpe:2.3:a:apache:tomcat:4.1.2:::::::*
cpe:2.3:a:apache:tomcat:4.0.4:::::::*
cpe:2.3:a:apache:tomcat:4.1.36:::::::*
cpe:2.3:a:apache:tomcat:3.2.1:::::::*
cpe:2.3:a:apache:tomcat:4.1.9:beta::::::
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:5.0.8:::::::*
cpe:2.3:a:apache:tomcat:5:::::::*
cpe:2.3:a:apache:tomcat:5.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.0.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:4.1.24:::::::*
cpe:2.3:a:apache:tomcat:3.2.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.0.22:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:6:::::::*
cpe:2.3:a:apache:tomcat:5.0.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.28:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:3.2.2:beta2::::::
cpe:2.3:a:apache:tomcat:5.0.9:::::::*
cpe:2.3:a:apache:tomcat:5.0.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.35:::::::*
cpe:2.3:a:apache:tomcat:3.3.2:::::::*
cpe:2.3:a:apache:tomcat:5.0.30:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.0.23:::::::*
cpe:2.3:a:apache:tomcat:1.1.3:::::::*
cpe:2.3:a:apache:tomcat:3.2.4:::::::*
cpe:2.3:a:apache:tomcat:5.0.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:5.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.30:::::::*
cpe:2.3:a:apache:tomcat:5.0.21:::::::*
cpe:2.3:a:apache:tomcat:3.0:::::::*
cpe:2.3:a:apache:tomcat:5.0.26:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:5.0.0:::::::*
cpe:2.3:a:apache:tomcat:5.0.6:::::::*
cpe:2.3:a:apache:tomcat:4.1.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:5.0.27:::::::*
cpe:2.3:a:apache:tomcat:4.1.29:::::::*
cpe:2.3:a:apache:tomcat:5.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:4.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:5.5.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:4.0.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat::::::::		6.0.37
cpe:2.3:a:apache:tomcat:5.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.33:::::::*
cpe:2.3:a:apache:tomcat:4.0.1:::::::*
cpe:2.3:a:apache:tomcat:3.3.1a:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:5.0.5:::::::*
cpe:2.3:a:apache:tomcat:5.0.28:::::::*
cpe:2.3:a:apache:tomcat:5.0.29:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:4.1.1:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:4.1.12:::::::*
cpe:2.3:a:apache:tomcat:4.1.28:::::::*
cpe:2.3:a:apache:tomcat:5.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.34:::::::*
cpe:2.3:a:apache:tomcat:4.1.15:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:beta::::::
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
cpe:2.3:a:apache:tomcat:4.1.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.0.17:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:4.1.0:::::::*
cpe:2.3:a:apache:tomcat:3.1.1:::::::*
cpe:2.3:a:apache:tomcat:4.0.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.29:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:4.0.5:::::::*
cpe:2.3:a:apache:tomcat:4.0.0:::::::*
cpe:2.3:a:apache:tomcat:4:::::::*
cpe:2.3:a:apache:tomcat:5.0.4:::::::*
cpe:2.3:a:apache:tomcat:3.2.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:5.0.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:5.0.1:::::::*
cpe:2.3:a:apache:tomcat:3.2:::::::*
cpe:2.3:a:apache:tomcat:3.3.1:::::::*
cpe:2.3:a:apache:tomcat:5.0.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:5.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:5.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:3.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:5.0.12:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:8.0.0:rc6::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc9::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc7::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc3::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc2::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc8::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc4::::::

Related information, measures and tools

No	URL	タグ
1	http://advisories.mageia.org/MGASA-2014-0148.html
2	http://advisories.mageia.org/MGASA-2014-0148.html
3	http://marc.info/?l=bugtraq&m=144498216801440&w=2
4	http://marc.info/?l=bugtraq&m=144498216801440&w=2
5	http://seclists.org/fulldisclosure/2014/Dec/23
6	http://seclists.org/fulldisclosure/2014/Dec/23
7	http://secunia.com/advisories/59036
8	http://secunia.com/advisories/59036
9	http://secunia.com/advisories/59675
10	http://secunia.com/advisories/59675
11	http://secunia.com/advisories/59722
12	http://secunia.com/advisories/59722
13	http://secunia.com/advisories/59724
14	http://secunia.com/advisories/59724
15	http://secunia.com/advisories/59873
16	http://secunia.com/advisories/59873
17	http://svn.apache.org/viewvc?view=revision&revision=1521834
18	http://svn.apache.org/viewvc?view=revision&revision=1521834
19	http://svn.apache.org/viewvc?view=revision&revision=1521864
20	http://svn.apache.org/viewvc?view=revision&revision=1521864
21	http://svn.apache.org/viewvc?view=revision&revision=1549522
22	http://svn.apache.org/viewvc?view=revision&revision=1549522
23	http://svn.apache.org/viewvc?view=revision&revision=1549523
24	http://svn.apache.org/viewvc?view=revision&revision=1549523
25	http://svn.apache.org/viewvc?view=revision&revision=1556540
26	http://svn.apache.org/viewvc?view=revision&revision=1556540
27	http://tomcat.apache.org/security-6.html	Vendor Advisory
28	http://tomcat.apache.org/security-6.html	Vendor Advisory
29	http://tomcat.apache.org/security-7.html	Vendor Advisory
30	http://tomcat.apache.org/security-7.html	Vendor Advisory
31	http://tomcat.apache.org/security-8.html	Vendor Advisory
32	http://tomcat.apache.org/security-8.html	Vendor Advisory
33	http://www.debian.org/security/2016/dsa-3530
34	http://www.debian.org/security/2016/dsa-3530
35	http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
36	http://www.mandriva.com/security/advisories?name=MDVSA-2015:052
37	http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
38	http://www.mandriva.com/security/advisories?name=MDVSA-2015:084
39	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
40	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
41	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
42	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
43	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
44	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
45	http://www.securityfocus.com/archive/1/534161/100/0/threaded
46	http://www.securityfocus.com/archive/1/534161/100/0/threaded
47	http://www.securityfocus.com/bid/65767
48	http://www.securityfocus.com/bid/65767
49	http://www.ubuntu.com/usn/USN-2130-1
50	http://www.ubuntu.com/usn/USN-2130-1
51	http://www.vmware.com/security/advisories/VMSA-2014-0008.html
52	http://www.vmware.com/security/advisories/VMSA-2014-0008.html
53	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
54	http://www.vmware.com/security/advisories/VMSA-2014-0012.html
55	http://www-01.ibm.com/support/docview.wss?uid=swg21667883
56	http://www-01.ibm.com/support/docview.wss?uid=swg21667883
57	http://www-01.ibm.com/support/docview.wss?uid=swg21675886
58	http://www-01.ibm.com/support/docview.wss?uid=swg21675886
59	http://www-01.ibm.com/support/docview.wss?uid=swg21677147
60	http://www-01.ibm.com/support/docview.wss?uid=swg21677147
61	http://www-01.ibm.com/support/docview.wss?uid=swg21678113
62	http://www-01.ibm.com/support/docview.wss?uid=swg21678113
63	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
64	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
65	https://bugzilla.redhat.com/show_bug.cgi?id=1069905
66	https://bugzilla.redhat.com/show_bug.cgi?id=1069905
67	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
68	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
69	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
70	https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
71	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
72	https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
73	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
74	https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
75	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
76	https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
77	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
78	https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
79	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
80	https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
81	https://rhn.redhat.com/errata/RHSA-2014-0686.html
82	https://rhn.redhat.com/errata/RHSA-2014-0686.html

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

JVN Vulnerability Information

Apache Tomcat におけるサービス運用妨害 (DoS) の脆弱性

Title	Apache Tomcat におけるサービス運用妨害 (DoS) の脆弱性
Summary	Apache Tomcat は、(1) 大量のチャンクデータの総量、または (2) トレーラフィールド内の HTTP ヘッダ値の空白文字を適切に処理せずに、チャンク形式転送コーディング (chunked transfer coding) を処理するため、サービス運用妨害 (DoS) 状態にされる脆弱性が存在します。本脆弱性は、CVE-2012-3544 に対する修正が不十分だったことによる脆弱性です。
Possible impacts	第三者により、データをストリーミングされることで、サービス運用妨害 (DoS) 状態にされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 26, 2013, midnight
Registration Date	Feb. 27, 2014, 4:31 p.m.
Last Update	Nov. 22, 2016, 4 p.m.

Affected System

Apache Software Foundation

Apache Tomcat 6.0.39 未満

Apache Tomcat 7.0.50 未満の 7.x

Apache Tomcat 8.0.0-RC10 未満の 8.x

オラクル

Oracle Communications Policy Management 10.4.1

Oracle Communications Policy Management 12.1.1 およびそれ以前

Oracle Communications Policy Management 9.7.3

Oracle Communications Policy Management 9.9.1

Oracle Fusion Middleware の Oracle Enterprise Data Quality 8.1.2

Oracle Fusion Middleware の Oracle Enterprise Data Quality 9.0.11

Oracle Virtualization の Oracle Secure Global Desktop 4.63

Oracle Virtualization の Oracle Secure Global Desktop 4.71

Oracle Virtualization の Oracle Secure Global Desktop 5.0

Oracle Virtualization の Oracle Secure Global Desktop 5.1

IBM

IBM IMS Enterprise Suite の SOAP Gateway 2.2

IBM IMS Enterprise Suite の SOAP Gateway 3.1

IBM Security QRadar SIEM 7.1 MR2

IBM Security QRadar SIEM 7.2 MR2

Rational Connector for SAP Solution Manager 4.0.0.x

Rational Lifecycle Integration Adapter for HP ALM 1.0 から 1.1

Rational Test Virtualization Server の Rational Test Control Panel 8.0.x

Rational Test Virtualization Server の Rational Test Control Panel 8.5.0.x

Rational Test Workbench の Rational Test Control Panel 8.0.x

Rational Test Workbench の Rational Test Control Panel 8.5.0.x

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-4322	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4322
National Vulnerability Database (NVD)
2	CVE-2013-4322	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4322

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Apache Tomcat
1	Apache Tomcat 6.x vulnerabilities	http://tomcat.apache.org/security-6.html
2	Apache Tomcat 7.x vulnerabilities	http://tomcat.apache.org/security-7.html
3	Apache Tomcat 8.x vulnerabilities	http://tomcat.apache.org/security-8.html
Apache-SVN
4	Revision 1521834	http://svn.apache.org/viewvc?view=revision&revision=1521834
5	Revision 1521864	http://svn.apache.org/viewvc?view=revision&revision=1521864
6	Revision 1549522	http://svn.apache.org/viewvc?view=revision&revision=1549522
7	Revision 1549523	http://svn.apache.org/viewvc?view=revision&revision=1549523
8	Revision 1556540	http://svn.apache.org/viewvc?view=revision&revision=1556540
IBM Support Document
9	1667883	http://www-01.ibm.com/support/docview.wss?uid=swg21667883
10	1675886	http://www-01.ibm.com/support/docview.wss?uid=swg21675886
11	1677147	http://www-01.ibm.com/support/docview.wss?uid=swg21677147
12	1678113	http://www-01.ibm.com/support/docview.wss?uid=swg21678113
13	1678231	http://www-01.ibm.com/support/docview.wss?uid=swg21678231
Oracle Critical Patch Update
14	Oracle Critical Patch Update Advisory - July 2014	http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
15	Oracle Critical Patch Update Advisory - October 2014	http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
16	Oracle Critical Patch Update Advisory - October 2016	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
17	Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2014verbose-1972958.html
18	Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html
19	Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices	http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html
Red Hat Bugzilla
20	Bug 1069905	https://bugzilla.redhat.com/show_bug.cgi?id=1069905
Red Hat Security Advisory
21	RHSA-2014:0686	https://rhn.redhat.com/errata/RHSA-2014-0686.html
SECURITY BLOG
22	Multiple vulnerabilities in Apache Tomcat	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_tomcat4
23	October 2014 Critical Patch Update Released	https://blogs.oracle.com/security/entry/october_2014_critical_patch_update
24	October 2016 Critical Patch Update Released	https://blogs.oracle.com/security/entry/october_2016_critical_patch_update

Change Log

No	Changed Details	Date of change
0	[2014年02月27日] 掲載 [2014年06月02日] ベンダ情報：オラクル (Multiple vulnerabilities in Apache Tomcat) を追加 [2014年07月25日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：IBM (1667883) を追加ベンダ情報：IBM (1675886) を追加ベンダ情報：IBM (1677147) を追加ベンダ情報：IBM (1678113) を追加ベンダ情報：IBM (1678231) を追加ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2014) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2014 Risk Matrices) を追加ベンダ情報：レッドハット (RHSA-2014:0686) を追加 [2014年10月21日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - October 2014) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - October 2014 Risk Matrices) を追加ベンダ情報：オラクル (October 2014 Critical Patch Update Released) を追加 [2016年11月22日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - October 2016) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices) を追加ベンダ情報：オラクル (October 2016 Critical Patch Update Released) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:7.0.2:beta::::::
cpe:2.3:a:apache:tomcat:7.0.12:::::::*
cpe:2.3:a:apache:tomcat:7.0.20:::::::*
cpe:2.3:a:apache:tomcat:7.0.34:::::::*
cpe:2.3:a:apache:tomcat:7.0.1:::::::*
cpe:2.3:a:apache:tomcat:7.0.2:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:beta::::::
cpe:2.3:a:apache:tomcat:7.0.22:::::::*
cpe:2.3:a:apache:tomcat:7.0.39:::::::*
cpe:2.3:a:apache:tomcat:7.0.26:::::::*
cpe:2.3:a:apache:tomcat:7.0.46:::::::*
cpe:2.3:a:apache:tomcat:7.0.28:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:::::::*
cpe:2.3:a:apache:tomcat:7.0.50:::::::*
cpe:2.3:a:apache:tomcat:7.0.18:::::::*
cpe:2.3:a:apache:tomcat:7.0.14:::::::*
cpe:2.3:a:apache:tomcat:7.0.11:::::::*
cpe:2.3:a:apache:tomcat:7.0.23:::::::*
cpe:2.3:a:apache:tomcat:7.0.0:beta::::::
cpe:2.3:a:apache:tomcat:7.0.44:::::::*
cpe:2.3:a:apache:tomcat:7.0.42:::::::*
cpe:2.3:a:apache:tomcat:7.0.37:::::::*
cpe:2.3:a:apache:tomcat:7.0.29:::::::*
cpe:2.3:a:apache:tomcat:7.0.45:::::::*
cpe:2.3:a:apache:tomcat:7.0.13:::::::*
cpe:2.3:a:apache:tomcat:7.0.41:::::::*
cpe:2.3:a:apache:tomcat:7.0.31:::::::*
cpe:2.3:a:apache:tomcat:7.0.30:::::::*
cpe:2.3:a:apache:tomcat:7.0.15:::::::*
cpe:2.3:a:apache:tomcat:7.0.19:::::::*
cpe:2.3:a:apache:tomcat:7.0.16:::::::*
cpe:2.3:a:apache:tomcat:7.0.10:::::::*
cpe:2.3:a:apache:tomcat:7.0.36:::::::*
cpe:2.3:a:apache:tomcat:7.0.25:::::::*
cpe:2.3:a:apache:tomcat:7.0.35:::::::*
cpe:2.3:a:apache:tomcat:7.0.43:::::::*
cpe:2.3:a:apache:tomcat:7.0.32:::::::*
cpe:2.3:a:apache:tomcat:7.0.38:::::::*
cpe:2.3:a:apache:tomcat:7.0.21:::::::*
cpe:2.3:a:apache:tomcat:7.0.27:::::::*
cpe:2.3:a:apache:tomcat:7.0.24:::::::*
cpe:2.3:a:apache:tomcat:7.0.17:::::::*
cpe:2.3:a:apache:tomcat:7.0.40:::::::*
cpe:2.3:a:apache:tomcat:7.0.4:::::::*
cpe:2.3:a:apache:tomcat:7.0.3:::::::*
cpe:2.3:a:apache:tomcat:7.0.33:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:5.5.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.33:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:alpha::::::
cpe:2.3:a:apache:tomcat:3.1:::::::*
cpe:2.3:a:apache:tomcat:4.1.2:::::::*
cpe:2.3:a:apache:tomcat:4.0.4:::::::*
cpe:2.3:a:apache:tomcat:4.1.36:::::::*
cpe:2.3:a:apache:tomcat:3.2.1:::::::*
cpe:2.3:a:apache:tomcat:4.1.9:beta::::::
cpe:2.3:a:apache:tomcat:5.5.18:::::::*
cpe:2.3:a:apache:tomcat:5.0.8:::::::*
cpe:2.3:a:apache:tomcat:5:::::::*
cpe:2.3:a:apache:tomcat:5.0.19:::::::*
cpe:2.3:a:apache:tomcat:6.0.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.12:::::::*
cpe:2.3:a:apache:tomcat:5.0.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.14:::::::*
cpe:2.3:a:apache:tomcat:4.1.24:::::::*
cpe:2.3:a:apache:tomcat:3.2.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.10:::::::*
cpe:2.3:a:apache:tomcat:5.0.22:::::::*
cpe:2.3:a:apache:tomcat:5.5.4:::::::*
cpe:2.3:a:apache:tomcat:5.5.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.1:::::::*
cpe:2.3:a:apache:tomcat:6:::::::*
cpe:2.3:a:apache:tomcat:5.0.7:::::::*
cpe:2.3:a:apache:tomcat:5.5.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.28:::::::*
cpe:2.3:a:apache:tomcat:5.5.6:::::::*
cpe:2.3:a:apache:tomcat:5.5.26:::::::*
cpe:2.3:a:apache:tomcat:3.2.2:beta2::::::
cpe:2.3:a:apache:tomcat:5.0.9:::::::*
cpe:2.3:a:apache:tomcat:5.0.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.35:::::::*
cpe:2.3:a:apache:tomcat:3.3.2:::::::*
cpe:2.3:a:apache:tomcat:5.0.30:::::::*
cpe:2.3:a:apache:tomcat:5.5.20:::::::*
cpe:2.3:a:apache:tomcat:5.5.15:::::::*
cpe:2.3:a:apache:tomcat:5.0.23:::::::*
cpe:2.3:a:apache:tomcat:1.1.3:::::::*
cpe:2.3:a:apache:tomcat:3.2.4:::::::*
cpe:2.3:a:apache:tomcat:5.0.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.5:::::::*
cpe:2.3:a:apache:tomcat:5.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.15:::::::*
cpe:2.3:a:apache:tomcat:5.5.30:::::::*
cpe:2.3:a:apache:tomcat:5.0.21:::::::*
cpe:2.3:a:apache:tomcat:3.0:::::::*
cpe:2.3:a:apache:tomcat:5.0.26:::::::*
cpe:2.3:a:apache:tomcat:5.5.21:::::::*
cpe:2.3:a:apache:tomcat:5.5.22:::::::*
cpe:2.3:a:apache:tomcat:6.0.20:::::::*
cpe:2.3:a:apache:tomcat:6.0.10:::::::*
cpe:2.3:a:apache:tomcat:6.0.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.29:::::::*
cpe:2.3:a:apache:tomcat:6.0.3:::::::*
cpe:2.3:a:apache:tomcat:5.0.0:::::::*
cpe:2.3:a:apache:tomcat:5.0.6:::::::*
cpe:2.3:a:apache:tomcat:4.1.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:alpha::::::
cpe:2.3:a:apache:tomcat:6.0.24:::::::*
cpe:2.3:a:apache:tomcat:5.5.3:::::::*
cpe:2.3:a:apache:tomcat:5.0.27:::::::*
cpe:2.3:a:apache:tomcat:4.1.29:::::::*
cpe:2.3:a:apache:tomcat:5.0.16:::::::*
cpe:2.3:a:apache:tomcat:6.0.17:::::::*
cpe:2.3:a:apache:tomcat:4.0.6:::::::*
cpe:2.3:a:apache:tomcat:6.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.32:::::::*
cpe:2.3:a:apache:tomcat:6.0.32:::::::*
cpe:2.3:a:apache:tomcat:5.5.31:::::::*
cpe:2.3:a:apache:tomcat:6.0.28:::::::*
cpe:2.3:a:apache:tomcat:5.5.9:::::::*
cpe:2.3:a:apache:tomcat:4.0.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.25:::::::*
cpe:2.3:a:apache:tomcat::::::::		6.0.37
cpe:2.3:a:apache:tomcat:5.0.18:::::::*
cpe:2.3:a:apache:tomcat:6.0.0:::::::*
cpe:2.3:a:apache:tomcat:5.5.33:::::::*
cpe:2.3:a:apache:tomcat:4.0.1:::::::*
cpe:2.3:a:apache:tomcat:3.3.1a:::::::*
cpe:2.3:a:apache:tomcat:6.0.14:::::::*
cpe:2.3:a:apache:tomcat:5.5.2:::::::*
cpe:2.3:a:apache:tomcat:5.0.5:::::::*
cpe:2.3:a:apache:tomcat:5.0.28:::::::*
cpe:2.3:a:apache:tomcat:5.0.29:::::::*
cpe:2.3:a:apache:tomcat:5.5.0:::::::*
cpe:2.3:a:apache:tomcat:4.1.1:::::::*
cpe:2.3:a:apache:tomcat:5.5.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.1:::::::*
cpe:2.3:a:apache:tomcat:6.0.12:::::::*
cpe:2.3:a:apache:tomcat:5.5.24:::::::*
cpe:2.3:a:apache:tomcat:4.1.12:::::::*
cpe:2.3:a:apache:tomcat:4.1.28:::::::*
cpe:2.3:a:apache:tomcat:5.0.13:::::::*
cpe:2.3:a:apache:tomcat:6.0.18:::::::*
cpe:2.3:a:apache:tomcat:5.5.34:::::::*
cpe:2.3:a:apache:tomcat:4.1.15:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:beta::::::
cpe:2.3:a:apache:tomcat:6.0.2:alpha::::::
cpe:2.3:a:apache:tomcat:4.1.10:::::::*
cpe:2.3:a:apache:tomcat:5.5.8:::::::*
cpe:2.3:a:apache:tomcat:5.0.17:::::::*
cpe:2.3:a:apache:tomcat:5.5.16:::::::*
cpe:2.3:a:apache:tomcat:4.1.0:::::::*
cpe:2.3:a:apache:tomcat:3.1.1:::::::*
cpe:2.3:a:apache:tomcat:4.0.2:::::::*
cpe:2.3:a:apache:tomcat:5.5.17:::::::*
cpe:2.3:a:apache:tomcat:4.1.3:::::::*
cpe:2.3:a:apache:tomcat:5.5.29:::::::*
cpe:2.3:a:apache:tomcat:5.5.19:::::::*
cpe:2.3:a:apache:tomcat:4.0.5:::::::*
cpe:2.3:a:apache:tomcat:4.0.0:::::::*
cpe:2.3:a:apache:tomcat:4:::::::*
cpe:2.3:a:apache:tomcat:5.0.4:::::::*
cpe:2.3:a:apache:tomcat:3.2.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.30:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:::::::*
cpe:2.3:a:apache:tomcat:5.0.25:::::::*
cpe:2.3:a:apache:tomcat:6.0.2:beta::::::
cpe:2.3:a:apache:tomcat:6.0.13:::::::*
cpe:2.3:a:apache:tomcat:5.0.1:::::::*
cpe:2.3:a:apache:tomcat:3.2:::::::*
cpe:2.3:a:apache:tomcat:3.3.1:::::::*
cpe:2.3:a:apache:tomcat:5.0.11:::::::*
cpe:2.3:a:apache:tomcat:5.5.23:::::::*
cpe:2.3:a:apache:tomcat:6.0.26:::::::*
cpe:2.3:a:apache:tomcat:5.0.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.19:::::::*
cpe:2.3:a:apache:tomcat:5.0.24:::::::*
cpe:2.3:a:apache:tomcat:6.0.27:::::::*
cpe:2.3:a:apache:tomcat:6.0.35:::::::*
cpe:2.3:a:apache:tomcat:6.0.16:::::::*
cpe:2.3:a:apache:tomcat:3.3:::::::*
cpe:2.3:a:apache:tomcat:6.0.36:::::::*
cpe:2.3:a:apache:tomcat:5.0.12:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:apache:tomcat:8.0.0:rc6::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc9::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc7::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc3::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc2::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc1::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc8::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc5::::::
cpe:2.3:a:apache:tomcat:8.0.0:rc4::::::