Lucene search
GoogleOSV:BIT-TOMCAT-2023-45648HistoryMar 06, 2024 - 11:07 a.m.
BIT-tomcat-2023-45648
2024-03-0611:07:43
Google
osv.dev
9
apache tomcat
input validation
http trailer headers
vulnerability
upgrade
reverse proxy
request smuggling
Improper Input Validation vulnerability in Apache Tomcat.Tomcatย from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
Related
veracode
veracode
Request Smuggling
2023-10-12 11:56:46
cve
cve
CVE-2023-45648
2023-10-10 19:15:09
ubuntucve
ubuntucve
CVE-2023-45648
2023-10-10 00:00:00
amazon
amazon
Important: tomcat
2024-03-13 20:26:00
Important: tomcat8
2023-10-16 13:45:00
prion
prion
Input validation
2023-10-10 19:15:00
nessus
nessus
Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-012)
2024-03-18 00:00:00
Amazon Linux 2 : tomcat (ALAS-2024-2501)
2024-03-18 00:00:00
ibm
ibm
github
github
Apache Tomcat Improper Input Validation vulnerability
2023-10-10 21:31:12
redhatcve
redhatcve
CVE-2023-45648
2023-10-24 03:27:24
debiancve
debiancve
CVE-2023-45648
2023-10-10 19:15:09
cvelist
cvelist
CVE-2023-45648 Apache Tomcat: Trailer header parsing too lenient
2023-10-10 18:38:34
hackerone
hackerone
osv
osv
Apache Tomcat Improper Input Validation vulnerability
2023-10-10 21:31:12
CVE-2023-45648
2023-10-10 19:15:09
Moderate: tomcat security update
2024-01-25 00:00:00
f5
f5
K000137965 : Apache Tomcat vulnerability CVE-2023-45648
2023-12-19 00:00:00
redhat
redhat
(RHSA-2023:6207) Moderate: Red Hat JBoss Web Server 5.7.6 release and security update
2023-10-31 13:03:48
(RHSA-2023:6206) Moderate: Red Hat JBoss Web Server 5.7.6 release and security update
2023-10-31 13:03:53
(RHSA-2024:0474) Moderate: tomcat security update
2024-01-24 14:41:09
mageia
mageia
Updated tomcat packages fix security vulnerabilities
2023-11-15 14:35:09
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4337-1)
2023-11-03 00:00:00
Mageia: Security Advisory (MGASA-2023-0319)
2023-11-16 00:00:00
Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2024-1305)
2024-03-12 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 11.0.0-M12
2023-10-10 00:00:00
Fixed in Apache Tomcat 10.1.14
2023-10-10 00:00:00
Fixed in Apache Tomcat 9.0.81
2023-10-10 00:00:00
qualysblog
qualysblog
CVE-2023-44487 HTTP/2 Rapid Reset Attack
2023-10-10 22:01:49
kaspersky
kaspersky
KLA61362 Multiple vulnerabilities in Apache Tomcat
2023-10-10 00:00:00
KLA61363 Multiple vulnerabilities in Apache Tomcat
2023-10-10 00:00:00
almalinux
almalinux
Moderate: tomcat security update
2024-01-25 00:00:00
Moderate: tomcat security update
2024-01-10 00:00:00
redos
redos
ROS-20240405-12
2024-04-05 00:00:00
oraclelinux
oraclelinux
tomcat security update
2024-01-11 00:00:00
tomcat security update
2024-01-25 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2418
2024-05-14 08:49:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
5.2 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.1%
Related for OSV:BIT-TOMCAT-2023-45648