CVE-2012-3544 in Ubuntu

CVE-2012-3544

Priority

Description

Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly
handle chunk extensions in chunked transfer coding, which allows remote
attackers to cause a denial of service by streaming data.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544
http://mail-archives.apache.org/mod_mbox/tomcat-announce/201305.mbox/%3C518CB1D9.6020808@apache.org%3E
http://tomcat.apache.org/security-6.html
https://usn.ubuntu.com/usn/usn-1841-1

Notes

Package

Source: tomcat6 (LP Ubuntu Debian)

Upstream:	released (6.0.37)
Ubuntu 12.04 ESM (Precise Pangolin):	released (6.0.35-1ubuntu3.3)
Ubuntu 14.04 ESM (Trusty Tahr):	DNE (trusty was not-affected [6.0.39-1])
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected (6.0.39-1)

Patches:

Upstream:

http://svn.apache.org/viewvc?view=revision&revision=1476592

Package

Source: tomcat7 (LP Ubuntu Debian)

Upstream:	released (7.0.30)
Ubuntu 12.04 ESM (Precise Pangolin):	DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):	not-affected
Ubuntu 16.04 LTS (Xenial Xerus):	not-affected

Patches:

Upstream:	http://svn.apache.org/viewvc?view=rev&rev=1378702
Upstream:	http://svn.apache.org/viewvc?view=rev&rev=1378921

More Information

Updated: 2019-12-05 20:59:44 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)