Lucene search

Potential HTTP request smuggling in Apache Tomcat

🗓️ 28 Feb 2020 01:58:10Reported by GitHub Advisory DatabaseType

github🔗 github.com👁 160 Views

Potential HTTP request smuggling in Apache Tomcat due to invalid Transfer-Encoding header

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 88
Veracode	HTTP Request Smuggling	25 Feb 202007:52	–	veracode
OSV	CVE-2019-17569	24 Feb 202022:15	–	osv
OSV	GHSA-767J-JFH2-JVRC Potential HTTP request smuggling in Apache Tomcat	28 Feb 202001:10	–	osv
OSV	OPENSUSE-SU-2020:0345-1 Security update for tomcat	15 Mar 202017:12	–	osv
OSV	SUSE-SU-2020:0598-1 Security update for tomcat	5 Mar 202015:15	–	osv
OSV	SUSE-SU-2020:0631-1 Security update for tomcat	10 Mar 202012:12	–	osv
OSV	MGASA-2020-0138 Updated tomcat packages fix security vulnerabilities	10 Mar 202019:04	–	osv
OSV	DLA-2133-1 tomcat7 - security update	4 Mar 202000:00	–	osv
OSV	DSA-4673-1 tomcat8 - security update	3 May 202000:00	–	osv
OSV	RHSA-2020:1520 Red Hat Security Advisory: Red Hat JBoss Web Server 5.3 release	16 Sep 202403:29	–	osv

Vulners

Node

org.apache.tomcat tomcatRange9.0.28–9.0.31

org.apache.tomcat tomcatRange8.5.48–8.5.51

org.apache.tomcat tomcatRange7.0.98–7.0.100

org.apache.tomcat.embed tomcat-embed-coreRange9.0.28–9.0.31

org.apache.tomcat.embed tomcat-embed-coreRange8.5.48–8.5.51

org.apache.tomcat.embed tomcat-embed-coreRange7.0.98–7.0.100

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-17569
lists	www.lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E
lists	www.lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E
lists	www.lists.debian.org/debian-lts-announce/2020/03/msg00006.html
lists	www.lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html
security	www.security.netapp.com/advisory/ntap-20200327-0005/
debian	www.debian.org/security/2020/dsa-4673
debian	www.debian.org/security/2020/dsa-4680
oracle	www.oracle.com/security-alerts/cpujul2020.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Feb 2020 01:10Current

1.4Low risk

Vulners AI Score1.4

CVSS25.8

CVSS34.8

EPSS0.09925

CWE-444