7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Apache Tomcat is a lightweight Web application server from the Apache Foundation. The program implements support for Servlet and JavaServer Page (JSP). Apache Tomcat has an environment problem vulnerability that stems from the fact that Tomcat may have a request smuggling problem (Request Smuggling) when the rejectIllegalHeader is set to false. No details of the vulnerability are currently available.
CPE | Name | Operator | Version |
---|---|---|---|
Apache Tomcat >=8.5.0, | le | 8.5.52 | |
Apache Tomcat >=9.0.0, | lt | 9.0.68 | |
Apache Tomcat >=10.0.0, | lt | 10.0.27 | |
Apache Tomcat >=10.1.0, | lt | 10.1.1 |