Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-42252HistoryNov 01, 2022 - 9:15 a.m.
CVE-2022-42252
2022-11-0109:15:00
Debian Security Bug Tracker
security-tracker.debian.org
25
0.003 Low
EPSS
Percentile
71.7%
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | tomcat9 | < 9.0.68-1 | tomcat9_9.0.68-1_all.deb |
| Debian | 11 | all | tomcat9 | < 9.0.43-2~deb11u6 | tomcat9_9.0.43-2~deb11u6_all.deb |
| Debian | 10 | all | tomcat9 | < 9.0.31-1~deb10u8 | tomcat9_9.0.31-1~deb10u8_all.deb |
| Debian | 999 | all | tomcat9 | < 9.0.68-1 | tomcat9_9.0.68-1_all.deb |
| Debian | 13 | all | tomcat9 | < 9.0.68-1 | tomcat9_9.0.68-1_all.deb |
Related
kaspersky
kaspersky
KLA20032 SB vulnerability in Apache Tomcat
2022-10-07 00:00:00
KLA20034 SB vulnerability in Apache Tomcat
2022-10-10 00:00:00
KLA20033 SB vulnerability in Apache Tomcat
2022-10-11 00:00:00
cnvd
cnvd
Apache Tomcat Environment Issue Vulnerability (CNVD-2022-74082)
2022-11-02 00:00:00
nessus
nessus
Apache Tomcat 10.1.0.M1 < 10.1.1
2022-11-02 00:00:00
SUSE SLES12 Security Update : tomcat (SUSE-SU-2022:4193-1)
2022-11-24 00:00:00
SUSE SLES12 Security Update : tomcat (SUSE-SU-2022:4303-1)
2022-12-02 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2023-1341)
2023-02-09 00:00:00
Apache Tomcat Request Smuggling Vulnerability (Oct 2022) - Linux
2022-11-02 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4303-1)
2022-12-02 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 9.0.68
2022-10-07 00:00:00
Fixed in Apache Tomcat 10.1.1
2022-10-11 00:00:00
Fixed in Apache Tomcat 8.5.83
2022-10-11 00:00:00
cve
cve
CVE-2022-42252
2022-11-01 09:15:00
cvelist
cvelist
CVE-2022-42252 Apache Tomcat request smuggling via malformed content-length
2022-11-01 00:00:00
ibm
ibm
prion
prion
Cross site request forgery (csrf)
2022-11-01 09:15:00
redhatcve
redhatcve
CVE-2022-42252
2022-11-09 14:26:30
f5
f5
K000133224 : Apache Tomcat vulnerability CVE-2022-42252
2023-03-28 00:00:00
atlassian
atlassian
github
github
Apache Tomcat may reject request containing invalid Content-Length header
2022-11-01 12:00:30
osv
osv
Apache Tomcat may reject request containing invalid Content-Length header
2022-11-01 12:00:30
CVE-2022-42252
2022-11-01 09:15:10
BIT-tomcat-2022-42252
2024-03-06 11:09:09
freebsd
freebsd
Tomcat -- Request Smuggling
2022-10-31 00:00:00
ubuntucve
ubuntucve
CVE-2022-42252
2022-11-01 00:00:00
veracode
veracode
HTTP Request Smuggling
2022-11-02 05:50:14
photon
photon
Important Photon OS Security Update - PHSA-2023-0314
2023-01-17 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0314
2023-01-17 00:00:00
Important Photon OS Security Update - PHSA-2023-0518
2023-01-19 00:00:00
debian
debian
[SECURITY] [DLA 3384-1] tomcat9 security update
2023-04-05 19:47:31
[SECURITY] [DSA 5381-1] tomcat9 security update
2023-04-05 20:07:07
redhat
redhat
gentoo
gentoo
Apache Tomcat: Multiple Vulnerabilities
2023-05-30 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerability
2023-04-15 22:03:44
rosalinux
rosalinux
Advisory ROSA-SA-2023-2258
2023-10-21 16:49:43
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00