CVE-2012-3544 – org.apache.tomcat:tomcat

Package

Manager: maven
Name: org.apache.tomcat:tomcat
Vulnerable Version: >=6.0.0 <6.0.37 || >=7.0.0 <7.0.30

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.38137 pctl0.97123

Details

Apache Tomcat Vulnerable to Denial of Service (DoS) via Improper Handling of chunk extensions Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.

Metadata

Created: 2022-05-14T01:10:36Z
Modified: 2025-04-12T00:09:08Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-qfxv-3ppc-7qg5/GHSA-qfxv-3ppc-7qg5.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-qfxv-3ppc-7qg5
Finding: F184
Auto approve: 1