CVE-2020-1935

🗓️ 24 Feb 2020 21:11:38Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 1465 Views

Apache Tomcat 7.0-9.0 HTTP Header Parsing Vulnerability

Reporter	Title	Published	Views	Family All 194
IBM Security Bulletins	Security Bulletin: IBM Cognos Business Intelligence has addressed multiple vulnerabilities (Q12021)	29 Jan 202118:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	13 Aug 202122:15	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat affects IBM Platform Symphony	6 Apr 202003:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM WebSphere Cast Iron Solution & App Connect Professional is affected by Apache Tomcat vulnerabilities.	10 May 202017:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8	18 Oct 202407:56	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2019-17569, CVE-2020-1935 HTTP Request Smuggling if Tomcat was located behind a reverse proxy	5 Nov 202019:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus affected by multiple Apache Tomcat vulnerabilities.	26 Jun 202012:28	–	ibm
IBM Security Bulletins	Security Bulletin: [All] Apache Tomcat (core only) (Publicly disclosed vulnerability) CVE-2020-1935, CVE-2019-17569	24 Jul 202021:16	–	ibm
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities	1 Apr 202216:38	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Apache Tomcat vulnerabilities affect IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1935, CVE-2019-17569)	24 Jul 202022:19	–	ibm

NVD

Vulners

Node

apache tomcatRange7.0.0–7.0.99

apache tomcatRange8.5.0–8.5.50

apache tomcatRange9.0.0–9.0.30

apache tomcatMatch9.0.0-

apache tomcatMatch9.0.0milestone1

apache tomcatMatch9.0.0milestone10

apache tomcatMatch9.0.0milestone11

apache tomcatMatch9.0.0milestone12

apache tomcatMatch9.0.0milestone13

apache tomcatMatch9.0.0milestone14

apache tomcatMatch9.0.0milestone15

apache tomcatMatch9.0.0milestone16

apache tomcatMatch9.0.0milestone17

apache tomcatMatch9.0.0milestone18

apache tomcatMatch9.0.0milestone19

apache tomcatMatch9.0.0milestone2

apache tomcatMatch9.0.0milestone20

apache tomcatMatch9.0.0milestone21

apache tomcatMatch9.0.0milestone22

apache tomcatMatch9.0.0milestone23

apache tomcatMatch9.0.0milestone24

apache tomcatMatch9.0.0milestone25

apache tomcatMatch9.0.0milestone26

apache tomcatMatch9.0.0milestone27

apache tomcatMatch9.0.0milestone3

apache tomcatMatch9.0.0milestone4

apache tomcatMatch9.0.0milestone5

apache tomcatMatch9.0.0milestone6

apache tomcatMatch9.0.0milestone7

apache tomcatMatch9.0.0milestone8

apache tomcatMatch9.0.0milestone9

Node

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

canonical ubuntu_linuxMatch16.04lts

Node

opensuse leapMatch15.1

Node

netapp data_availability_servicesMatch-

netapp oncommand_system_managerRange3.0.0–3.1.3

Node

oracle agile_engineering_data_managementMatch6.2.1.0

oracle agile_product_lifecycle_managementMatch9.3.3

oracle agile_product_lifecycle_managementMatch9.3.5

oracle agile_product_lifecycle_managementMatch9.3.6

oracle communications_element_managerMatch8.1.1

oracle communications_element_managerMatch8.2.0

oracle communications_element_managerMatch8.2.1

oracle communications_instant_messaging_serverMatch10.0.1.4.0

oracle health_sciences_empirica_inspectionsMatch1.0.1.2

oracle health_sciences_empirica_signalMatch7.3.3

oracle hospitality_guest_accessMatch4.2.0

oracle hospitality_guest_accessMatch4.2.1

oracle hyperion_infrastructure_technologyMatch11.1.2.4

oracle instantis_enterprisetrackRange17.1–17.3

oracle mysql_enterprise_monitorRange4.0.0–4.0.12

oracle mysql_enterprise_monitorRange8.0.0–8.0.20

oracle retail_order_brokerMatch15.0

oracle siebel_ui_frameworkRange≤20.5

oracle transportation_managementMatch6.3.7

oracle workload_managerMatch12.2.0.1

oracle workload_managerMatch18c

oracle workload_managerMatch19c

[
  {
    "product": "Apache Tomcat",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Tomcat 9.0.0.M1 to 9.0.30"
      },
      {
        "status": "affected",
        "version": "8.5.0 to 8.5.50"
      },
      {
        "status": "affected",
        "version": "7.0.0 to 7.0.99"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919%40%3Cusers.tomcat.apache.org%3E
usn	www.usn.ubuntu.com/4448-1/
debian	www.debian.org/security/2020/dsa-4680
lists	www.lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html
lists	www.lists.debian.org/debian-lts-announce/2020/05/msg00026.html
lists	www.lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E
debian	www.debian.org/security/2020/dsa-4673
lists	www.lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6%40%3Cdev.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E
oracle	www.oracle.com/security-alerts/cpujul2020.html

21 Nov 2024 05:11Current

7.4High risk

Vulners AI Score7.4

CVSS 3.14.8

CVSS 25.8

EPSS0.01382

CWE-444