CVE-2021-33037

🗓️ 12 Jul 2021 14:55:15Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 589 Views

Apache Tomcat versions 8.5.0 to 10.0.6 have HTTP transfer-encoding parsing issue potentially leading to request smuggling

Reporter	Title	Published	Views	Family All 210
IBM Security Bulletins	Security Bulletin: Bulletin: App Connect Professional is affected by Apache Tomcat vulnerabilities.	28 Sep 202112:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Engineering Requirements Management DOORS/DWA vulnerabilities addressed in 9.7.2.8	18 Oct 202407:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Build is affected by CVE-2021-33037	9 Feb 202216:28	–	ibm
IBM Security Bulletins	Security Bulletin: CVE-2021-33037 Apache Tomcat 8.5.66 did not correctly parse the HTTP transfer-encoding request header leading to the possibility to request smuggling when used with a reverse proxy	1 Sep 202119:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational Build Forge is affected by Apache Tomcat version used in it. (CVE-2021-33037)	7 Jul 202216:30	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem V9000 products	29 Mar 202301:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM UrbanCode Release is affected by CVE-2021-33037	25 Jan 202207:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	11 Oct 202118:12	–	ibm
Tenable Nessus	Apache Tomcat < 9.0.48 Vulnerability	12 Jul 202100:00	–	nessus
Tenable Nessus	Apache Tomcat < 8.5.68 Vulnerability	12 Jul 202100:00	–	nessus

NVD

Vulners

Node

apache tomcatRange8.5.0–8.5.66

apache tomcatRange9.0.0–9.0.46

apache tomcatRange10.0.0–10.0.6

Node

apache tomeeMatch8.0.6

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

Node

oracle agile_plmMatch9.3.6

oracle communications_cloud_native_core_policyMatch1.14.0

oracle communications_cloud_native_core_service_communication_proxyMatch1.14.0

oracle communications_diameter_signaling_routerRange8.0.0.0–8.5.0.2

oracle communications_instant_messaging_serverMatch10.0.1.5.0

oracle communications_policy_managementMatch12.5.0

oracle communications_pricing_design_centerMatch12.0.0.3.0

oracle communications_session_report_managerRange8.0.0–8.2.4.0

oracle communications_session_route_managerRange8.0.0–8.2.4

oracle graph_server_and_clientRange<21.4

oracle healthcare_translational_researchMatch4.1.0

oracle hospitality_cruise_shipboard_property_management_systemMatch20.1.0

oracle instantis_enterprisetrackMatch17.1

oracle instantis_enterprisetrackMatch17.2

oracle instantis_enterprisetrackMatch17.3

oracle managed_file_transferMatch12.2.1.3.0

oracle managed_file_transferMatch12.2.1.4.0

oracle mysql_enterprise_monitorRange≤8.0.25

oracle sd-wan_edgeMatch9.0

oracle sd-wan_edgeMatch9.1

oracle secure_global_desktopMatch5.6

oracle utilities_testing_acceleratorMatch6.0.0.1.1

oracle utilities_testing_acceleratorMatch6.0.0.2.2

oracle utilities_testing_acceleratorMatch6.0.0.3.1

Node

mcafee epolicy_orchestratorRange<5.10.0

mcafee epolicy_orchestratorMatch5.10.0-

mcafee epolicy_orchestratorMatch5.10.0update_1

mcafee epolicy_orchestratorMatch5.10.0update_10

mcafee epolicy_orchestratorMatch5.10.0update_2

mcafee epolicy_orchestratorMatch5.10.0update_3

mcafee epolicy_orchestratorMatch5.10.0update_4

mcafee epolicy_orchestratorMatch5.10.0update_5

mcafee epolicy_orchestratorMatch5.10.0update_6

mcafee epolicy_orchestratorMatch5.10.0update_7

mcafee epolicy_orchestratorMatch5.10.0update_8

mcafee epolicy_orchestratorMatch5.10.0update_9

[
  {
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "status": "affected",
        "version": "Apache Tomcat 10 10.0.0-M1 to 10.0.6"
      },
      {
        "status": "affected",
        "version": "Apache Tomcat 9 9.0.0.M1 to 9.0.46"
      },
      {
        "status": "affected",
        "version": "Apache Tomcat 8 8.5.0 to 8.5.66"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com//security-alerts/cpujul2021.html
lists	www.lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3Ccommits.tomee.apache.org%3E
security	www.security.netapp.com/advisory/ntap-20210827-0007/
oracle	www.oracle.com/security-alerts/cpuapr2022.html
debian	www.debian.org/security/2021/dsa-4952
security	www.security.gentoo.org/glsa/202208-34
lists	www.lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3Ccommits.tomee.apache.org%3E
lists	www.lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3Ccommits.tomee.apache.org%3E
lists	www.lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3Ccommits.tomee.apache.org%3E
lists	www.lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3Ccommits.tomee.apache.org%3E

21 Nov 2024 06:08Current

6.1Medium risk

Vulners AI Score6.1

CVSS 25

CVSS 3.15.3

EPSS0.01865

CWE-444