Lucene search
GoogleOSV:BIT-TOMCAT-2022-42252HistoryMar 06, 2024 - 11:09 a.m.
BIT-tomcat-2022-42252
2024-03-0611:09:09
Google
osv.dev
11
apache tomcat 8.5.x
9.0.x
10.0.x
10.1.x
content-length header
request smuggling attack
0.003 Low
EPSS
Percentile
71.6%
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
Related
cnvd
cnvd
Apache Tomcat Environment Issue Vulnerability (CNVD-2022-74082)
2022-11-02 00:00:00
kaspersky
kaspersky
KLA20032 SB vulnerability in Apache Tomcat
2022-10-07 00:00:00
KLA20034 SB vulnerability in Apache Tomcat
2022-10-10 00:00:00
KLA20033 SB vulnerability in Apache Tomcat
2022-10-11 00:00:00
nessus
nessus
Apache Tomcat 10.1.0.M1 < 10.1.1 vulnerability
2022-11-02 00:00:00
Atlassian Confluence 7.19.x < 7.19.16 (CONFSERVER-93168)
2023-11-23 00:00:00
Amazon Linux 2 : tomcat (ALASTOMCAT9-2023-002)
2023-09-27 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 9.0.68
2022-10-07 00:00:00
Fixed in Apache Tomcat 8.5.83
2022-10-11 00:00:00
Fixed in Apache Tomcat 10.0.27
2022-10-10 00:00:00
openvas
openvas
Apache Tomcat Request Smuggling Vulnerability (Oct 2022) - Linux
2022-11-02 00:00:00
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2023-1341)
2023-02-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4303-1)
2022-12-02 00:00:00
cve
cve
CVE-2022-42252
2022-11-01 09:15:00
f5
f5
K000133224 : Apache Tomcat vulnerability CVE-2022-42252
2023-03-28 00:00:00
osv
osv
Apache Tomcat may reject request containing invalid Content-Length header
2022-11-01 12:00:30
CVE-2022-42252
2022-11-01 09:15:10
tomcat9 - security update
2023-04-05 00:00:00
github
github
Apache Tomcat may reject request containing invalid Content-Length header
2022-11-01 12:00:30
freebsd
freebsd
Tomcat -- Request Smuggling
2022-10-31 00:00:00
ubuntucve
ubuntucve
CVE-2022-42252
2022-11-01 00:00:00
atlassian
atlassian
veracode
veracode
HTTP Request Smuggling
2022-11-02 05:50:14
ibm
ibm
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . CVE-2022-42252
2023-02-01 21:30:29
Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products
2023-03-29 01:48:02
Security Bulletin: IBM UrbanCode Build is affected by CVE-2022-42252
2022-12-20 07:08:10
prion
prion
Cross site request forgery (csrf)
2022-11-01 09:15:00
cvelist
cvelist
CVE-2022-42252 Apache Tomcat request smuggling via malformed content-length
2022-11-01 00:00:00
redhatcve
redhatcve
CVE-2022-42252
2022-11-09 14:26:30
photon
photon
Important Photon OS Security Update - PHSA-2023-0314
2023-01-17 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0314
2023-01-17 00:00:00
Important Photon OS Security Update - PHSA-2023-0518
2023-01-19 00:00:00
debiancve
debiancve
CVE-2022-42252
2022-11-01 09:15:00
debian
debian
[SECURITY] [DLA 3384-1] tomcat9 security update
2023-04-05 19:47:31
[SECURITY] [DSA 5381-1] tomcat9 security update
2023-04-05 20:24:17
redhat
redhat
gentoo
gentoo
Apache Tomcat: Multiple Vulnerabilities
2023-05-30 00:00:00
mageia
mageia
Updated tomcat packages fix security vulnerability
2023-04-15 22:03:44
rosalinux
rosalinux
Advisory ROSA-SA-2023-2258
2023-10-21 16:49:43
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00