2 matches found
Apache Tomcat 8.5.63 / 9.0.43 HTTP Response Smuggling Vulnerability
Apache Tomcat suffers from a client-side de-sync vulnerability via HTTP request smuggling. Apache Tomcat versions 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43 are vulnerable.
Exploit Title: CVE-2024-21733 Apache Tomcat HTTP Request Smuggling
Date: 1/31/2024
Exploit Author: xer0dayz
Vendor...
Fixed in Apache Tomcat 9.0.44
Important: Denial of Service CVE-2021-41079
When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a specially crafted packet could be used to trigger an infinite loop resulting in a denial of service. This was fixed with commit d4b340fa. This issue was first reported to the Apach...