The vulnerability in the implementation of the `rejectIllegalHeader` attribute in the Apache Tomcat application server allows a attacker to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the Apache Tomcat application server’s implementation of the rejectIllegalHeader attribute is related to deficiencies in the processing of HTTP requests containing the Content-Length header. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests...

GHSA-P22X-G9PX-3945 Apache Tomcat may reject request containing invalid Content-Length header

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a...

UBUNTU-CVE-2022-42252

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false the default for 8.5.x only, Tomcat did not reject a request containing an invalid Content-Length header making a...

Apache Tomcat 环境问题漏洞

Apache Tomcat is a lightweight Web application server from the Apache Foundation. The program implements support for Servlet and JavaServer Page JSP. Apache Tomcat has an environment problem vulnerability that stems from the fact that Tomcat may have a request smuggling problem Request Smuggling...