Oct 10, 2023 - 7:15 p.m.

CVE-2023-45648

2023-10-10 19:15:09
CWE-20
web.nvd.nist.gov
cve-2023-45648
apache tomcat
input validation
vulnerability
upgrade
patched version

CVSS3: 5.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score: 5.9
Confidence: High

EPSS: 0.002
Percentile: 60.5%

Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

Affected configurations

Node
apache_software_foundation  apache_struts  Range  11.0.0-M11
OR
apache_software_foundation  apache_struts  Range  10.1.13
OR
apache_software_foundation  apache_struts  Range  9.0.81
OR
apache_software_foundation  apache_struts  Range  8.5.93

Vendor  Product  Version  CPE
apache  tomcat   10.1.0   cpe:/a:apache:tomcat:10.1.0:milestone19::
apache  tomcat   11.0.0   cpe:/a:apache:tomcat:11.0.0:milestone7::
apache  tomcat   10.1.0   cpe:/a:apache:tomcat:10.1.0:milestone8::
apache  tomcat   10.1.0   cpe:/a:apache:tomcat:10.1.0:milestone12::
apache  tomcat   11.0.0   cpe:/a:apache:tomcat:11.0.0:milestone6::
apache  tomcat   9.0.0    cpe:/a:apache:tomcat:9.0.0:milestone15::
apache  tomcat   9.0.0    cpe:/a:apache:tomcat:9.0.0:milestone20::
apache  tomcat   9.0.0    cpe:/a:apache:tomcat:9.0.0:milestone23::
apache  tomcat   10.1.0   cpe:/a:apache:tomcat:10.1.0:milestone17::
apache  tomcat   9.0.0    cpe:/a:apache:tomcat:9.0.0:milestone27::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "11.0.0-M11",
        "status": "affected",
        "version": "11.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.1.13",
        "status": "affected",
        "version": "10.1.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.81",
        "status": "affected",
        "version": "9.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.5.93",
        "status": "affected",
        "version": "8.5.0",
        "versionType": "semver"
      }
    ]
  }
]
