Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

ALAS-2021-1472

Related Vulnerabilities: CVE-2020-1935  

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability. (CVE-2020-1935)

Source

ALAS-2021-1472

Amazon Linux AMI Security Advisory: ALAS-2021-1472
Advisory Release Date: 2021-01-12 22:52 Pacific
Advisory Updated Date: 2021-01-13 18:28 Pacific
Severity: Low
References: CVE-2020-1935 
Issue Overview:

A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. The highest threat with this vulnerability is system availability. (CVE-2020-1935)


Affected Packages:

tomcat7


Issue Correction:
Run yum update tomcat7 to update your system.

New Packages:
noarch:
    tomcat7-javadoc-7.0.107-1.39.amzn1.noarch
    tomcat7-admin-webapps-7.0.107-1.39.amzn1.noarch
    tomcat7-log4j-7.0.107-1.39.amzn1.noarch
    tomcat7-lib-7.0.107-1.39.amzn1.noarch
    tomcat7-el-2.2-api-7.0.107-1.39.amzn1.noarch
    tomcat7-webapps-7.0.107-1.39.amzn1.noarch
    tomcat7-servlet-3.0-api-7.0.107-1.39.amzn1.noarch
    tomcat7-jsp-2.2-api-7.0.107-1.39.amzn1.noarch
    tomcat7-docs-webapp-7.0.107-1.39.amzn1.noarch
    tomcat7-7.0.107-1.39.amzn1.noarch

src:
    tomcat7-7.0.107-1.39.amzn1.src

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started