22 matches found
Apache Tomcat - HTTP Request Smuggling
Apache Tomcat from versions 8.5.0 to 8.5.93, 9.0.0-M1 to 9.0.81, 10.1.0-M1 to 10.1.13, and 11.0.0-M1 to 11.0.0-M11 contain an improper input validation caused by incorrect parsing of HTTP trailer headers, letting attackers craft headers to cause request smuggling, exploit requires sending malicio...
Astra Linux - уязвимость в tomcat9
There is an improper input validation vulnerability in Apache Tomcat. In versions of Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82, and from 8.5.0 through 8.5.95, HTTP trailer headers were not parsed correctly. A trailer header that exceede...
HTTP Request Smuggling
Http4s is vulnerable to HTTP Request Smuggling. The vulnerability is due to improper handling of the HTTP trailer section, which allows an attacker—when the app is deployed behind a reverse proxy that forwards trailer headers—to bypass front-end security controls, target active users, and poison...
EUVD-2022-1607
Malicious code in bioql PyPI...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper parsing of the HTTP trailer section in the parse function. An attacker can bypass security controls, launch targeted attacks against users, or poison web caches by crafting specially formed HTTP...
OESA-2024-2460 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
OESA-2024-2405 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
OESA-2024-2404 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
OESA-2024-2403 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
OESA-2024-2402 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
USN-7032-1 tomcat8, tomcat9 vulnerability
It was discovered that Tomcat incorrectly handled HTTP trailer headers. A remote attacker could possibly use this issue to perform HTTP request smuggling...
tomcat: HTTP request smuggling via malformed trailer headers
An improper Input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a...
SUSE-SU-2024:0472-1 Security update for tomcat
This update for tomcat fixes the following issues: Updated to Tomcat 9.0.85: - CVE-2023-45648: Improve trailer header parsing bsc1216118. - CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows bsc1216120. - CVE-2023-42795: Improve handling of failures during recycle methods...
Medium: tomcat9
Issue Overview: Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header siz...
Internet Bug Bounty: Possibility of Request smuggling attack
A vulnerability in Apache Tomcat allowed request smuggling due to incorrect parsing of HTTP trailer headers. A specially crafted trailer header exceeding the size limit could cause Tomcat to treat a single request as multiple requests, enabling request smuggling attacks when behind a reverse prox...
OESA-2023-1788 tomcat security update
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open developmen...
CVE-2023-45648
A flaw was found in Apache Tomcat, where an improper input validation can occur. This flaw allows a malicious user to send a crafted request containing an invalid trailer header, which could be treated as multiple requests, potentially leading to request smuggling when behind a reverse proxy...
Apache Tomcat 11.0.0.M1 < 11.0.0.M12 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 11.0.0.M12. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat11.0.0-m12security-11 advisory. - Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through...