Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALASTOMCAT8.5-2023-002

Related Vulnerabilities: CVE-2022-42252  

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. (CVE-2022-42252)

Source

ALASTOMCAT8.5-2023-002

Amazon Linux 2 Security Advisory: ALASTOMCAT8.5-2023-002
Advisory Release Date: 2023-08-21 20:58 Pacific
Advisory Updated Date: 2023-09-25 21:59 Pacific
Severity: Important
Issue Overview:

If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header. (CVE-2022-42252)


Affected Packages:

tomcat


Issue Correction:
Run yum update tomcat to update your system.

New Packages:
noarch:
    tomcat-8.5.79-1.amzn2.0.3.noarch
    tomcat-admin-webapps-8.5.79-1.amzn2.0.3.noarch
    tomcat-docs-webapp-8.5.79-1.amzn2.0.3.noarch
    tomcat-javadoc-8.5.79-1.amzn2.0.3.noarch
    tomcat-jsvc-8.5.79-1.amzn2.0.3.noarch
    tomcat-jsp-2.3-api-8.5.79-1.amzn2.0.3.noarch
    tomcat-lib-8.5.79-1.amzn2.0.3.noarch
    tomcat-servlet-3.1-api-8.5.79-1.amzn2.0.3.noarch
    tomcat-el-3.0-api-8.5.79-1.amzn2.0.3.noarch
    tomcat-webapps-8.5.79-1.amzn2.0.3.noarch

src:
    tomcat-8.5.79-1.amzn2.0.3.src

Additional References

Red Hat: CVE-2022-42252

Mitre: CVE-2022-42252

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started