Lucene search

Potential HTTP request smuggling in Apache Tomcat

🗓️ 28 Feb 2020 01:48:10Reported by GitHub Advisory DatabaseType

github🔗 github.com👁 252 Views

Potential HTTP request smuggling in Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 due to flawed HTTP header parsin

Reporter	Title	Published	Views	Family All 133
Tenable Nessus	RHEL 7 : tomcat (RHSA-2020:5020)	11 Nov 202000:00	–	nessus
Tenable Nessus	Amazon Linux 2 : tomcat (ALAS-2023-2216)	23 Aug 202300:00	–	nessus
Tenable Nessus	CentOS 7 : tomcat (RHSA-2020:5020)	18 Nov 202000:00	–	nessus
Tenable Nessus	Virtuozzo 7 : tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (VZLSA-2020-5020)	18 Dec 202000:00	–	nessus
Tenable Nessus	Oracle Linux 7 : tomcat (ELSA-2020-5020)	12 Nov 202000:00	–	nessus
Tenable Nessus	Scientific Linux Security Update : tomcat on SL7.x (noarch) (2020:5020)	12 Nov 202000:00	–	nessus
Tenable Nessus	Amazon Linux AMI : tomcat7 (ALAS-2021-1472)	14 Jan 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : tomcat7 (ALAS-2020-1472) (deprecated)	18 Dec 202000:00	–	nessus
Tenable Nessus	RHEL 7 : tomcat (RHSA-2021:0882)	17 Mar 202100:00	–	nessus
Tenable Nessus	RHEL 6 / 7 : Red Hat JBoss Web Server 3.1 Service Pack 10 (RHSA-2020:3303)	4 Aug 202000:00	–	nessus

Vulners

Node

org.apache.tomcat tomcatRange9.0.0–9.0.31

org.apache.tomcat tomcatRange8.0.0–8.5.51

org.apache.tomcat tomcatRange<7.0.100

org.apache.tomcat.embed tomcat\-embed\-coreRange9.0.0–9.0.31

org.apache.tomcat.embed tomcat\-embed\-coreRange8.0.0–8.5.51

org.apache.tomcat.embed tomcat\-embed\-coreRange<7.0.100

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-1935
lists	www.lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E
lists	www.lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78@%3Ccommits.tomee.apache.org%3E
lists	www.lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743@%3Ccommits.tomee.apache.org%3E
lists	www.lists.debian.org/debian-lts-announce/2020/03/msg00006.html
lists	www.lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html
lists	www.lists.debian.org/debian-lts-announce/2020/05/msg00026.html
security	www.security.netapp.com/advisory/ntap-20200327-0005/
debian	www.debian.org/security/2020/dsa-4673
debian	www.debian.org/security/2020/dsa-4680

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

28 Feb 2020 01:10Current

1Low risk

Vulners AI Score1

CVSS25.8

CVSS34.8

EPSS0.0104

CWE-444