Apache Tomcat CVE-2013-4286 Security Bypass Vulnerability

Bugtraq ID: 65773
Class: Design Error
CVE: CVE-2013-4286
Remote: Yes
Local: No
Published: Feb 25 2014 12:00AM
Updated: Oct 26 2016 07:14AM
Credit: Apache Tomcat security team
Vulnerable:
Ubuntu Ubuntu Linux 13.10
Ubuntu Ubuntu Linux 12.10
Ubuntu Ubuntu Linux 12.04 LTS
Ubuntu Ubuntu Linux 10.04.LTS
Redhat JBoss Operations Network 3.2.1
Redhat JBoss Fuse Service Works 6.0.0
Redhat JBoss Enterprise Web Server EL6 2.0
Redhat JBoss Enterprise Web Server EL5 2.0
Redhat JBoss Enterprise Application Platform 6.2 EL6
Redhat JBoss Enterprise Application Platform 6.2 EL5
Redhat JBoss Enterprise Application Platform 6 EL6
Redhat JBoss Enterprise Application Platform 6 EL5
Redhat JBoss Data Grid 6.2
Redhat JBoss Data Grid 6.1
Redhat JBoss Data Grid 6.0.1
Redhat JBoss BRMS 6.0.1
Redhat JBoss BPMS 6.0.1
Redhat JBoss BPMS 6.0
Redhat Enterprise Linux Workstation Optional 6
Redhat Enterprise Linux Workstation 7
Redhat Enterprise Linux Workstation 6
Redhat Enterprise Linux Server Optional 6
Redhat Enterprise Linux Server EUS 6.5.z
Redhat Enterprise Linux Server AUS 6.5
Redhat Enterprise Linux Server 7
Redhat Enterprise Linux Server 6
Redhat Enterprise Linux HPC Node Optional 6
Redhat Enterprise Linux HPC Node 7
Redhat Enterprise Linux HPC Node 6
Redhat Enterprise Linux Desktop Optional 6
Redhat Enterprise Linux Desktop 7
Redhat Enterprise Linux Desktop 6
PHP PHP 5.2.17.03
Oracle Secure Global Desktop 5.1
Oracle Secure Global Desktop 5.0
Oracle Secure Global Desktop 4.71
Oracle Secure Global Desktop 4.63
Oracle GoldenGate Monitor 11.1.2.1.0
Oracle Enterprise Linux 7
Oracle Enterprise Linux 6.2
Oracle Enterprise Linux 6
Oracle Communications Policy Management 12.1.1
Oracle Communications Policy Management 10.4.1
Oracle Communications Policy Management 9.9.1
Oracle Communications Policy Management 9.7.3
Oracle BI Publisher 11.1.1 7
Oracle BI Publisher 10.1.3.4.2
Mandriva Business Server 1 X86 64
Mandriva Business Server 1
Juniper Security Threat Response Manager 2013.2
Juniper Secure Analytics 2013.2
IBM WebSphere Message Broker for z/OS 8.0
IBM WebSphere Message Broker 8.0
IBM WebSphere Message Broker 7.0
IBM WebSphere Application Server Community Edition 3.0.0.4
IBM WebSphere Application Server Community Edition 2.1.1.6
IBM UrbanCode Release 6.0.1
IBM UrbanCode Release 6.0.1.3
IBM UrbanCode Release 6.0.1.2
IBM UrbanCode Release 6.0.1.1
IBM UrbanCode Release 6.0.0.1
IBM UrbanCode Release 6.0
IBM UrbanCode Deploy 6.0.1 3
IBM UrbanCode Deploy 6.0.1 2
IBM UrbanCode Deploy 6.0.1 1
IBM UrbanCode Deploy 6.0.1
IBM UrbanCode Deploy 6.0
IBM Tivoli Application Dependency Discovery Manager 7.2.2
IBM Tivoli Application Dependency Discovery Manager 7.2.1
IBM Tivoli Application Dependency Discovery Manager 7.2.0
IBM Tivoli Application Dependency Discovery Manager 7.1.2
IBM Storwize V7000 Unified 1.4.3 2
IBM Storwize V7000 Unified 1.4 1
IBM Storwize V7000 Unified 1.4 0
IBM Storwize V7000 Unified 1.3.2 3
IBM Storwize V7000 Unified 1.3.2 1
IBM Storwize V7000 Unified 1.3.2 0
IBM Storwize V7000 Unified 1.4.3.0
IBM Storwize V7000 Unified 1.4.2.1
IBM Storwize V7000 Unified 1.4.2.0
IBM Storwize V7000 Unified 1.4.1.1
IBM Storwize V7000 Unified 1.4.1.0
IBM Storwize V7000 Unified 1.3.1.0
IBM Storwize V7000 Unified 1.3.0.5
IBM Storwize V7000 Unified 1.3.0.0
IBM Storwize V7000 7.3
IBM Storwize V7000 7.2
IBM Storwize V7000 7.1
IBM Storwize V7000 6.4
IBM Storwize V7000 6.3
IBM Storwize V7000 6.2
IBM Storwize V7000 6.1
IBM Storwize V5000 7.3
IBM Storwize V5000 7.2
IBM Storwize V5000 7.1
IBM Storwize V5000 6.4
IBM Storwize V5000 6.3
IBM Storwize V5000 6.2
IBM Storwize V5000 6.1
IBM Storwize V3700 7.3
IBM Storwize V3700 7.2
IBM Storwize V3700 7.1
IBM Storwize V3700 6.4
IBM Storwize V3700 6.3
IBM Storwize V3700 6.2
IBM Storwize V3700 6.1
IBM Storwize V3500 7.3
IBM Storwize V3500 7.2
IBM Storwize V3500 7.1
IBM Storwize V3500 6.4
IBM Storwize V3500 6.3
IBM Storwize V3500 6.2
IBM Storwize V3500 6.1
IBM SOAP Gateway component of the IMS Enterprise Suite 3.1
IBM SOAP Gateway component of the IMS Enterprise Suite 2.2
IBM Scale Out Network Attached Storage 1.3.2 1-21
IBM Scale Out Network Attached Storage 1.3.2 1-20
IBM Scale Out Network Attached Storage 1.3.2
IBM Scale Out Network Attached Storage 1.3.1
IBM Scale Out Network Attached Storage 1.4.3.2
IBM Scale Out Network Attached Storage 1.4.3.1
IBM Scale Out Network Attached Storage 1.4.3.0
IBM Scale Out Network Attached Storage 1.4.2.1
IBM Scale Out Network Attached Storage 1.4.2.0
IBM Scale Out Network Attached Storage 1.4.1.0
IBM Scale Out Network Attached Storage 1.3.2.3
IBM Scale Out Network Attached Storage 1.3.2.2
IBM Scale Out Network Attached Storage 1.3.0.5
IBM Scale Out Network Attached Storage 1.3.0.4
IBM Scale Out Network Attached Storage 1.3.0.0
IBM SAN Volume Controller 7.3
IBM SAN Volume Controller 7.2
IBM SAN Volume Controller 7.1
IBM SAN Volume Controller 6.4
IBM SAN Volume Controller 6.3
IBM SAN Volume Controller 6.2
IBM SAN Volume Controller 6.1
IBM Rational Test Workbench 8.5 2
IBM Rational Test Workbench 8.5 1
IBM Rational Test Workbench 8.0.1 4
IBM Rational Test Workbench 8.0.1 3
IBM Rational Test Workbench 8.0.1 2
IBM Rational Test Workbench 8.0.1 1
IBM Rational Test Workbench 8.0.1
IBM Rational Test Workbench 8.0 3
IBM Rational Test Workbench 8.0 2
IBM Rational Test Workbench 8.0 1
IBM Rational Test Workbench 8.5
IBM Rational Test Workbench 8.0
IBM Rational SAP Connector 4.0.0.3
IBM Rational SAP Connector 4.0.0.2
IBM Rational SAP Connector 4.0.0.1
IBM Rational Lifecycle Adapter for HP ALM 1.1
IBM Rational Lifecycle Adapter for HP ALM 1.0
IBM Rational Build Forge 7.1.3 5
IBM Rational Build Forge 7.1.3 4
IBM Rational Build Forge 7.1.3 3
IBM Rational Build Forge 7.1.3 2
IBM Rational Build Forge 7.1.3 1
IBM Rational Build Forge 7.1.3
IBM Rational Build Forge 8.0.0.1
IBM Rational Build Forge 8.0
IBM Rational Automation Framework 3.0.1
IBM Rational Automation Framework 3.0.1.2
IBM Rational Automation Framework 3.0.1.1
IBM QRadar Security Information and Event Manager 7.2 MR2
IBM QRadar Security Information and Event Manager 7.2
IBM QRadar Security Information and Event Manager 7.1MR2
IBM QRadar Security Information and Event Manager 7.1
IBM OpenPages GRC Platform 7.0
IBM OpenPages GRC Platform 6.2.1
IBM OpenPages GRC Platform 6.1.0.1
IBM OpenPages GRC Platform 6.0.1.5
IBM Integration Bus for z/OS 9.0.0.0
IBM Integration Bus 9.0.0.0
IBM Flex System V7000 7.3
IBM Flex System V7000 7.2
IBM Flex System V7000 7.1
IBM Flex System V7000 6.4
IBM Flex System V7000 6.3
IBM Flex System V7000 6.2
IBM Flex System V7000 6.1
IBM FlashSystem 840 9848-AE1
IBM FlashSystem 840 9846-AE1
IBM CCR Drop 13.7
IBM CCR Drop 13.5
IBM CCR 5.0
IBM CCR 4.9
IBM ARA 2.5.7 2
IBM ARA 2.5.7 1
IBM ARA 2.5.6
IBM ARA 2.5.5 2
IBM ARA 2.5.5
IBM ARA 2.5.4
IBM ARA 2.5.3
IBM ARA 2.5.2
IBM ARA 2.5.1
IBM ARA 2.5
IBM ARA 2.4.2
IBM ARA 2.4.1
IBM ARA 2.4 1
IBM Algo One 5.0
IBM Algo One 4.9
IBM Algo One 4.8
IBM Algo One 4.7.1
IBM Algo One 4.7
IBM Algo One 4.9.1
IBM Algo Audit and Compliance 2.1.0.2
IBM Algo Audit and Compliance 2.1
HP OpenVMS CSWS_JAVA 7.0.29
HP HP-UX Web Server Suite 3.29
HP HP-UX B.11.23
Gentoo Linux
Debian Linux 6.0 sparc
Debian Linux 6.0 s/390
Debian Linux 6.0 powerpc
Debian Linux 6.0 mips
Debian Linux 6.0 ia-64
Debian Linux 6.0 ia-32
Debian Linux 6.0 arm
Debian Linux 6.0 amd64
CentOS CentOS 6
Avaya Proactive Contact 5.1
Avaya Proactive Contact 5.0
Avaya Messaging Application Server 5.2.1
Avaya Messaging Application Server 5.0.1
Avaya Messaging Application Server 5.2
Avaya Messaging Application Server 5.0
Avaya Meeting Exchange 6.2
Avaya Meeting Exchange 6.0
Avaya Meeting Exchange 5.2 SP2
Avaya Meeting Exchange 5.2 SP1
Avaya Meeting Exchange 5.2
Avaya Meeting Exchange 5.1 SP1
Avaya Meeting Exchange 5.1
Avaya Meeting Exchange 5.0 SP2
Avaya Meeting Exchange 5.0 SP1
Avaya Meeting Exchange 5.0
Avaya IP Office Server Edition 9.0
Avaya IP Office Server Edition 8.1
Avaya IP Office Application Server 9.0 SP 2
Avaya IP Office Application Server 9.0 SP 1
Avaya IP Office Application Server 9.0
Avaya IP Office Application Server 8.1
Avaya IP Office Application Server 8.0
Avaya Communication Server 1000M Signaling Server 7.6
Avaya Communication Server 1000M Signaling Server 7.5
Avaya Communication Server 1000M Signaling Server 7.0
Avaya Communication Server 1000M 7.6
Avaya Communication Server 1000M 7.5
Avaya Communication Server 1000M 7.0
Avaya Communication Server 1000E Signaling Server 7.6
Avaya Communication Server 1000E Signaling Server 7.5
Avaya Communication Server 1000E Signaling Server 7.0
Avaya Communication Server 1000E 7.6
Avaya Communication Server 1000E 7.5
Avaya Communication Server 1000E 7.0
Avaya Aura Utility Services 6.2
Avaya Aura System Platform 6.2.2
Avaya Aura System Platform 6.2.1
Avaya Aura System Platform 6.0.2
Avaya Aura System Platform 6.0.1
Avaya Aura System Platform 6.3
Avaya Aura System Platform 6.2.1.0.9
Avaya Aura System Platform 6.2 SP1
Avaya Aura System Platform 6.2
Avaya Aura System Platform 6.0.3.9.3
Avaya Aura System Platform 6.0.3.8.3
Avaya Aura System Platform 6.0.3.0.3
Avaya Aura System Platform 6.0 SP3
Avaya Aura System Platform 6.0 SP2
Avaya Aura System Platform 6.0
Avaya Aura System Platform 1.1
Avaya Aura Presence Services 6.1.2
Avaya Aura Presence Services 6.1.1
Avaya Aura Presence Services 6.2
Avaya Aura Presence Services 6.1 SP2
Avaya Aura Presence Services 6.1 SP1
Avaya Aura Presence Services 6.1
Avaya Aura Presence Services 6.0
Avaya Aura Messaging 6.1.1
Avaya Aura Messaging 6.2
Avaya Aura Messaging 6.1
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Messaging 6.0.1
Avaya Aura Messaging 6.0
Avaya Aura Experience Portal 6.0.2
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Experience Portal 6.0.1
Avaya Aura Experience Portal 7.0
Avaya Aura Experience Portal 6.0 SP2
+ Avaya Communication Manager Server DEFINITY Server SI/CS
+ Avaya Communication Manager Server S8100
+ Avaya Communication Manager Server S8300
+ Avaya Communication Manager Server S8500
+ Avaya Communication Manager Server S8700
Avaya Aura Experience Portal 6.0 SP1
Avaya Aura Experience Portal 6.0
Avaya Aura Conferencing 7.0
Avaya Aura Conferencing 6.0 Standard
Avaya Aura Application Server 5300 SIP Core 3.0
Avaya Aura Application Server 5300 SIP Core 2.1
Avaya Aura Application Server 5300 SIP Core 2.0
Avaya Aura Application Enablement Services 6.2
Avaya Aura Application Enablement Services 6.1.2
Avaya Aura Application Enablement Services 6.1.1
Avaya Aura Application Enablement Services 6.1
Avaya Aura Application Enablement Services 6.0
Apache Tomcat 7.0.33
Apache Tomcat 7.0.32
Apache Tomcat 7.0.31
Apache Tomcat 7.0.30
Apache Tomcat 7.0.29
Apache Tomcat 7.0.28
Apache Tomcat 7.0.27
Apache Tomcat 7.0.26
Apache Tomcat 7.0.25
Apache Tomcat 7.0.24
Apache Tomcat 7.0.23
Apache Tomcat 7.0.16
Apache Tomcat 7.0.15
Apache Tomcat 7.0.14
Apache Tomcat 7.0.13
Apache Tomcat 7.0.12
Apache Tomcat 7.0.4
Apache Tomcat 7.0.3
Apache Tomcat 7.0.2
Apache Tomcat 7.0.1
Apache Tomcat 7.0 beta
Apache Tomcat 7.0
Apache Tomcat 6.0.37
Apache Tomcat 6.0.36
Apache Tomcat 6.0.35
Apache Tomcat 6.0.29
Apache Tomcat 6.0.28
Apache Tomcat 6.0.27
Apache Tomcat 6.0.26
Apache Tomcat 6.0.25
Apache Tomcat 6.0.24
Apache Tomcat 6.0.20
Apache Tomcat 6.0.18
Apache Tomcat 6.0.17
Apache Tomcat 6.0.16
Apache Tomcat 6.0.15
Apache Tomcat 6.0.14
Apache Tomcat 6.0.13
Apache Tomcat 6.0.12
Apache Tomcat 6.0.11
Apache Tomcat 6.0.10
Apache Tomcat 6.0.3
Apache Tomcat 6.0.2
Apache Tomcat 6.0.1
Apache Tomcat 6.0 alpha
Apache Tomcat 6.0
Apache Tomcat 8.0.0-RC1
Apache Tomcat 7.0.42
Apache Tomcat 7.0.41
Apache Tomcat 7.0.40
Apache Tomcat 7.0.4 Beta
Apache Tomcat 7.0.39
Apache Tomcat 7.0.38
Apache Tomcat 7.0.37
Apache Tomcat 7.0.36
Apache Tomcat 7.0.35
Apache Tomcat 7.0.34
Apache Tomcat 7.0.22
Apache Tomcat 7.0.21
Apache Tomcat 7.0.20
Apache Tomcat 7.0.2 Beta
Apache Tomcat 7.0.19
Apache Tomcat 7.0.18
Apache Tomcat 7.0.17
Apache Tomcat 7.0.11
Apache Tomcat 7.0.10
Apache Tomcat 6.0.33
Apache Tomcat 6.0.32
Apache Tomcat 6.0.31
Apache Tomcat 6.0.30
Apache Tomcat 6.0.2 Beta
Apache Tomcat 6.0.2 Alpha
Apache Tomcat 6.0.19
Apache Tomcat 6.0.1 Alpha
Apache Tomcat 5.5.36.01

Not Vulnerable:
Redhat JBoss Data Grid 6.2.1
Juniper Security Threat Response Manager 2013.2R8
Juniper Secure Analytics 2014.2R3
Juniper Secure Analytics 2014.2R2
Juniper Secure Analytics 2013.2R8
IBM UrbanCode Release 6.0.1.4
IBM UrbanCode Deploy 6.0.1 4
IBM Tivoli Application Dependency Discovery Manager 7.2.2.1
IBM Tivoli Application Dependency Discovery Manager 7.2.1.6
IBM Tivoli Application Dependency Discovery Manager 7.2.0.10
IBM Storwize V7000 Unified 1.4.3 3
IBM Storwize V7000 7.3.0.5
IBM Storwize V7000 7.2.0.8
IBM Storwize V5000 7.3.0.5
IBM Storwize V5000 7.2.0.8
IBM Storwize V3700 7.3.0.5
IBM Storwize V3700 7.2.0.8
IBM Storwize V3500 7.3.0.5
IBM Storwize V3500 7.2.0.8
IBM SAN Volume Controller 7.3.0.5
IBM SAN Volume Controller 7.2.0.8
IBM Rational SAP Connector 4.0.0.4
IBM OpenPages GRC Platform 6.1.0.1.4
IBM Flex System V7000 7.3.0.5
IBM Flex System V7000 7.2.0.8
Apache Tomcat 8.0.0-RC3
Apache Tomcat 7.0.47
Apache Tomcat 6.0.39

Copyright 2010, SecurityFocus