Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
tomcatApache TomcatTOMCAT:67CE68B320511BF54B324191638E118A
HistoryMar 09, 2007 - 12:00 a.m.

Fixed in Apache Tomcat 5.5.23, 5.0.SVN

2007-03-0900:00:00
Apache Tomcat
tomcat.apache.org
16

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.972 High

EPSS

Percentile

99.8%

JSON

Important: Information disclosure CVE-2005-2090

Requests with multiple content-length headers should be rejected as invalid. When multiple components (firewalls, caches, proxies and Tomcat) process a sequence of requests where one or more requests contain multiple content-length headers and several components do not reject the request and make different decisions as to which content-length header to use an attacker can poison a web-cache, perform an XSS attack and obtain sensitive information from requests other then their own. Tomcat now returns 400 for requests with multiple content-length headers.

Affects: 5.0.0-5.0.30, 5.5.0-5.5.22

Related

cve 2
nessus 22
cert 1
veracode 2
f5 2
github 2
osv 2
seebug 3
securityvulns 2
tomcat 5
debiancve 1
ubuntucve 1
prion 1
openvas 12
redhat 7
freebsd 1
fedora 2
vmware 2
centos 1
oraclelinux 1
ibm 2
cve
cve
CVE-2005-2090
2005-07-05 04:00:00
CVE-2013-4286
2014-02-26 14:55:00
nessus
nessus
Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling
2011-11-18 00:00:00
Apache Tomcat < 6.0.13 Multiple Vulnerabilities
2011-11-18 00:00:00
Apache Tomcat 4.x < 4.1.36 Multiple Vulnerabilities
2011-11-18 00:00:00
cert
cert
Single crafted HTTP request may result in multiple responses
2005-02-04 00:00:00
veracode
veracode
HTTP Request Smuggling
2018-11-13 06:55:19
Request-smuggling Attacks
2019-01-15 08:59:20
f5
f5
K16828 : Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
SOL16828 - Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
github
github
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
osv
osv
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
seebug
seebug
Apache Tomcat 安全限制绕过漏洞
2014-02-26 00:00:00
Apache Tomcat不完整修复信息泄漏漏洞
2014-02-27 00:00:00
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 &#40;Information disclosure&#41;
2014-02-28 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;
2009-01-28 00:00:00
tomcat
tomcat
Fixed in Apache Tomcat 6.0.11
2005-06-30 00:00:00
Fixed in Apache Tomcat 7.0.47
2013-10-24 00:00:00
Fixed in Apache Tomcat 8.0.0-RC3
2013-09-23 00:00:00
debiancve
debiancve
CVE-2013-4286
2014-02-26 14:55:00
ubuntucve
ubuntucve
CVE-2013-4286
2014-02-26 00:00:00
prion
prion
Design/Logic Flaw
2014-02-26 14:55:00
openvas
openvas
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
Fedora Update for Pound FEDORA-2014-13777
2014-11-12 00:00:00
redhat
redhat
(RHSA-2007:0360) Important: jbossas security update
2007-05-24 00:00:00
(RHSA-2007:0328) Important: tomcat security update
2007-05-24 00:00:00
(RHSA-2007:0327) Important: tomcat security update
2007-05-14 00:00:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2007-04-27 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19
2014-11-07 02:38:03
[SECURITY] Fedora 20 Update: Pound-2.6-8.fc20
2014-11-12 02:45:18
vmware
vmware
Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
2008-01-07 00:00:00
Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
2008-01-07 00:00:00
centos
centos
jakarta, tomcat5 security update
2007-05-14 22:49:09
oraclelinux
oraclelinux
Important: tomcat security update
2007-06-26 00:00:00
ibm
ibm
Security Bulletin: Security vulnerabilities in Apache Tomcat for WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4(CVE-2013-4286,CVE-2012-3544,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033)
2018-06-15 07:01:06
Security Bulletin: Rational Lifecycle Adapter for HP ALM Apache Tomcat fix (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)
2018-06-17 04:55:05

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.972 High

EPSS

Percentile

99.8%

JSON
Related for TOMCAT:67CE68B320511BF54B324191638E118A
cve2nessus22cert1veracode2f52github2osv2seebug3securityvulns2tomcat5debiancve1ubuntucve1prion1openvas12redhat7freebsd1fedora2vmware2centos1oraclelinux1ibm2