
CVE-2020-1935

Description

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

Affected Software

| CPE Name | Name | Version |
|---|---|---|
| apache:tomcat | apache tomcat | 7.0.99 |
| apache:tomcat | apache tomcat | 8.5.50 |
| apache:tomcat | apache tomcat | 9.0.30 |
| apache:tomcat | apache tomcat | 9.0.0 |
| debian:debian_linux | debian debian linux | 8.0 |
| debian:debian_linux | debian debian linux | 9.0 |
| debian:debian_linux | debian debian linux | 10.0 |
| canonical:ubuntu_linux | canonical ubuntu linux | 16.04 |
| opensuse:leap | opensuse leap | 15.1 |
| netapp:data_availability_services | netapp data availability services | - |
| netapp:oncommand_system_manager | netapp oncommand system manager | 3.1.3 |
| oracle:agile_engineering_data_management | oracle agile engineering data management | 6.2.1.0 |
| oracle:agile_product_lifecycle_management | oracle agile product lifecycle management | 9.3.3 |
| oracle:agile_product_lifecycle_management | oracle agile product lifecycle management | 9.3.5 |
| oracle:agile_product_lifecycle_management | oracle agile product lifecycle management | 9.3.6 |
| oracle:communications_element_manager | oracle communications element manager | 8.1.1 |
| oracle:communications_element_manager | oracle communications element manager | 8.2.0 |
| oracle:communications_element_manager | oracle communications element manager | 8.2.1 |
| oracle:communications_instant_messaging_server | oracle communications instant messaging server | 10.0.1.4.0 |
| oracle:health_sciences_empirica_inspections | oracle health sciences empirica inspections | 1.0.1.2 |
| oracle:health_sciences_empirica_signal | oracle health sciences empirica signal | 7.3.3 |
| oracle:hospitality_guest_access | oracle hospitality guest access | 4.2.0 |
| oracle:hospitality_guest_access | oracle hospitality guest access | 4.2.1 |
| oracle:hyperion_infrastructure_technology | oracle hyperion infrastructure technology | 11.1.2.4 |
| oracle:instantis_enterprisetrack | oracle instantis enterprisetrack | 17.3 |
| oracle:mysql_enterprise_monitor | oracle mysql enterprise monitor | 4.0.12 |
| oracle:mysql_enterprise_monitor | oracle mysql enterprise monitor | 8.0.20 |
| oracle:retail_order_broker | oracle retail order broker | 15.0 |
| oracle:siebel_ui_framework | oracle siebel ui framework | 20.5 |
| oracle:transportation_management | oracle transportation management | 6.3.7 |
| oracle:workload_manager | oracle workload manager | 12.2.0.1 |
| oracle:workload_manager | oracle workload manager | 18c |
| oracle:workload_manager | oracle workload manager | 19c |