VIR Vulnerability Intelligence Relay

CVE-2013-4286

medium
Published 2014-02-26 · Modified 2024-12-07
CVSS v3
CVSS v2
5.8
VIR risk
5.8

Description

Apache Tomcat is vulnerable to HTTP request-smuggling

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-8.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-7.html

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://tomcat.apache.org/security-6.html

Package impact
EcosystemPackageVulnerableFixed
java Mavenorg.apache.tomcat:tomcat<6.0.396.0.39
java Mavenorg.apache.tomcat:tomcat>=7.0.0,<7.0.477.0.47
java Mavenorg.apache.tomcat:tomcat>=8.0.0-RC1,<8.0.0-RC38.0.0-RC3

Application impact
VendorProductVersionsFixed
apache apachetomcat5.5.4
apache apachetomcat5.5.2
apache apachetomcat5.5.3
apache apachetomcat7.0.0
apache apachetomcat7.0.1
apache apachetomcat7.0.2
apache apachetomcat7.0.3
apache apachetomcat7.0.4
apache apachetomcat7.0.10
apache apachetomcat7.0.11
apache apachetomcat7.0.12
apache apachetomcat7.0.13
apache apachetomcat7.0.14
apache apachetomcat7.0.15
apache apachetomcat7.0.16
apache apachetomcat7.0.17
apache apachetomcat7.0.18
apache apachetomcat7.0.19
apache apachetomcat7.0.20
apache apachetomcat7.0.21
apache apachetomcat7.0.22
apache apachetomcat7.0.23
apache apachetomcat7.0.24
apache apachetomcat7.0.25
apache apachetomcat7.0.26
apache apachetomcat7.0.27
apache apachetomcat7.0.28
apache apachetomcat7.0.29
apache apachetomcat7.0.30
apache apachetomcat7.0.31
apache apachetomcat7.0.32
apache apachetomcat7.0.33
apache apachetomcat7.0.34
apache apachetomcat7.0.35
apache apachetomcat7.0.36
apache apachetomcat7.0.37
apache apachetomcat7.0.38
apache apachetomcat7.0.39
apache apachetomcat7.0.40
apache apachetomcat7.0.41
apache apachetomcat7.0.42
apache apachetomcat7.0.43
apache apachetomcat7.0.44
apache apachetomcat7.0.45
apache apachetomcat7.0.46
apache apachetomcat8.0.0
apache apachetomcat{"endIncluding":"6.0.37"}
apache apachetomcat1.1.3
apache apachetomcat3.0
apache apachetomcat3.1
apache apachetomcat3.1.1
apache apachetomcat3.2
apache apachetomcat3.2.1
apache apachetomcat3.2.2
apache apachetomcat3.2.3
apache apachetomcat3.2.4
apache apachetomcat3.3
apache apachetomcat3.3.1
apache apachetomcat3.3.1a
apache apachetomcat3.3.2
apache apachetomcat4
apache apachetomcat4.0.0
apache apachetomcat4.0.1
apache apachetomcat4.0.2
apache apachetomcat4.0.3
apache apachetomcat4.0.4
apache apachetomcat4.0.5
apache apachetomcat4.0.6
apache apachetomcat4.1.0
apache apachetomcat4.1.1
apache apachetomcat4.1.2
apache apachetomcat4.1.3
apache apachetomcat4.1.9
apache apachetomcat4.1.10
apache apachetomcat4.1.12
apache apachetomcat4.1.15
apache apachetomcat4.1.24
apache apachetomcat4.1.28
apache apachetomcat4.1.29
apache apachetomcat4.1.31
apache apachetomcat4.1.36
apache apachetomcat5
apache apachetomcat5.0.0
apache apachetomcat5.0.1
apache apachetomcat5.0.2
apache apachetomcat5.0.3
apache apachetomcat5.0.4
apache apachetomcat5.0.5
apache apachetomcat5.0.6
apache apachetomcat5.0.7
apache apachetomcat5.0.8
apache apachetomcat5.0.9
apache apachetomcat5.0.10
apache apachetomcat5.0.11
apache apachetomcat5.0.12
apache apachetomcat5.0.13
apache apachetomcat5.0.14
apache apachetomcat5.0.15
apache apachetomcat5.0.16
apache apachetomcat5.0.17
apache apachetomcat5.0.18
apache apachetomcat5.0.19
apache apachetomcat5.0.21
apache apachetomcat5.0.22
apache apachetomcat5.0.23
apache apachetomcat5.0.24
apache apachetomcat5.0.25
apache apachetomcat5.0.26
apache apachetomcat5.0.27
apache apachetomcat5.0.28
apache apachetomcat5.0.29
apache apachetomcat5.0.30
apache apachetomcat5.5.0
apache apachetomcat5.5.1
apache apachetomcat5.5.5
apache apachetomcat5.5.6
apache apachetomcat5.5.7
apache apachetomcat5.5.8
apache apachetomcat5.5.9
apache apachetomcat5.5.10
apache apachetomcat5.5.11
apache apachetomcat5.5.12
apache apachetomcat5.5.13
apache apachetomcat5.5.14
apache apachetomcat5.5.15
apache apachetomcat5.5.16
apache apachetomcat5.5.17
apache apachetomcat5.5.18
apache apachetomcat5.5.19
apache apachetomcat5.5.20
apache apachetomcat5.5.21
apache apachetomcat5.5.22
apache apachetomcat5.5.23
apache apachetomcat5.5.24
apache apachetomcat5.5.25
apache apachetomcat5.5.26
apache apachetomcat5.5.27
apache apachetomcat5.5.28
apache apachetomcat5.5.29
apache apachetomcat5.5.30
apache apachetomcat5.5.31
apache apachetomcat5.5.32
apache apachetomcat5.5.33
apache apachetomcat5.5.34
apache apachetomcat5.5.35
apache apachetomcat6
apache apachetomcat6.0
apache apachetomcat6.0.0
apache apachetomcat6.0.1
apache apachetomcat6.0.2
apache apachetomcat6.0.3
apache apachetomcat6.0.10
apache apachetomcat6.0.11
apache apachetomcat6.0.12
apache apachetomcat6.0.13
apache apachetomcat6.0.14
apache apachetomcat6.0.15
apache apachetomcat6.0.16
apache apachetomcat6.0.17
apache apachetomcat6.0.18
apache apachetomcat6.0.19
apache apachetomcat6.0.20
apache apachetomcat6.0.24
apache apachetomcat6.0.26
apache apachetomcat6.0.27
apache apachetomcat6.0.28
apache apachetomcat6.0.29
apache apachetomcat6.0.30
apache apachetomcat6.0.31
apache apachetomcat6.0.32
apache apachetomcat6.0.33
apache apachetomcat6.0.35
apache apachetomcat6.0.36

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.