MGASA-2014-0149

Advisory lineage Upstream: 3 Downstream: 0
Published: 03 Apr 2014, 00:16
Last modified: 16 Apr 2026, 06:25

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

Published (03 Apr 2014, 00:16): Vulnerability first disclosed
Last Modified (16 Apr 2026, 06:25): Vulnerability information updated

Description

Updated tomcat package fixes security vulnerabilities:

Apache Tomcat 7.x before 7.0.50 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data (CVE-2013-4322).

Apache Tomcat 7.x before 7.0.50 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue (CVE-2013-4590).

Affected Systems

  • mageia tomcat < 7.0.52-1.mga4
