Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Apache
  • Tomcat
Redhat
  • Jboss Enterprise Web Server

Configuration 1 [-]

OR cpe:2.3:a:apache:tomcat:6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.0:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.1:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.4:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.6:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.7:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.8:alpha:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.9:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:6.0.36:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.0:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.2:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.4:beta:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:tomcat:7.0.28:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat JBoss Enterprise Web Server 2 for RHEL 5
apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
dom4j-0:1.6.1-19.redhat_5.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
ecj3-1:3.7.2-6.redhat_1.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
httpd-0:2.2.22-23.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
mod_jk-0:1.2.37-2.redhat_1.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
tomcat6-0:6.0.37-8_patch_01.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
tomcat7-0:7.0.40-9_patch_01.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
tomcat-native-0:1.1.27-4.redhat_1.ep6.el5 cpe:/a:redhat:jboss_enterprise_web_server:2::el5 RHSA-2013:1011 2013-07-03T00:00:00Z
Red Hat JBoss Enterprise Web Server 2 for RHEL 6
apache-commons-daemon-eap6-1:1.0.15-4.redhat_1.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
apache-commons-daemon-jsvc-eap6-1:1.0.15-1.redhat_1.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
apache-commons-pool-eap6-0:1.6-6.redhat_4.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
dom4j-0:1.6.1-19.redhat_5.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
ecj3-1:3.7.2-6.redhat_1.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
httpd-0:2.2.22-23.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
mod_cluster-0:1.2.4-1.Final_redhat_1.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
mod_cluster-native-0:1.2.4-1.Final.redhat_1.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
mod_jk-0:1.2.37-2.redhat_1.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
tomcat6-0:6.0.37-10_patch_01.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
tomcat7-0:7.0.40-5_patch_01.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
tomcat-native-0:1.1.27-4.redhat_1.ep6.el6 cpe:/a:redhat:jboss_enterprise_web_server:2::el6 RHSA-2013:1012 2013-07-03T00:00:00Z
Red Hat JBoss Web Server 2.0
cpe:/a:redhat:jboss_enterprise_web_server:2.0 RHSA-2013:1013 2013-07-03T00:00:00Z
References
Link Providers
http://archives.neohapsis.com/archives/bugtraq/2013-05/0042.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2014/Dec/23 cve-icon cve-icon
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/coyote/http11/filters/ChunkedInputFilter.java?r1=1476592&r2=1476591&pathrev=1476592 cve-icon cve-icon
http://svn.apache.org/viewvc?view=revision&revision=1378702 cve-icon cve-icon
http://svn.apache.org/viewvc?view=revision&revision=1378921 cve-icon cve-icon
http://svn.apache.org/viewvc?view=revision&revision=1476592 cve-icon cve-icon
http://tomcat.apache.org/security-6.html cve-icon cve-icon
http://tomcat.apache.org/security-7.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html cve-icon cve-icon
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/534161/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/59797 cve-icon cve-icon
http://www.securityfocus.com/bid/64758 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1841-1 cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2014-0012.html cve-icon cve-icon
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-3544 cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-3544 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-06T20:13:50.140Z

Reserved: 2012-06-14T00:00:00

Link: CVE-2012-3544

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2013-06-01T14:21:05.750

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-3544

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-05-10T00:00:00Z

Links: CVE-2012-3544 - Bugzilla