Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat prior to 6.0.40, 7.x prior to 7.0.53, and 8.x prior to 8.0.4, when operated behind a reverse proxy, allows remote malicious users to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
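
The bug class described above, as an added illustration (this is not Tomcat's code and not part of the advisory): a decimal `Content-Length` accumulated into a `long` without a range check wraps silently, so the server can settle on a body length different from the one a reverse proxy in front of it computed, while a checked parser rejects the header. The class name, method names and sample values are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;

public class ContentLengthParse {
    // Largest value that can still be multiplied by 10 without wrapping a long.
    private static final long OVERFLOW_LIMIT = Long.MAX_VALUE / 10;

    // Unchecked accumulate: Java long arithmetic wraps silently on overflow.
    static long parseUnchecked(byte[] b) {
        if (b.length == 0) throw new NumberFormatException("empty");
        long n = 0;
        for (byte c : b) {
            if (c < '0' || c > '9') throw new NumberFormatException("non-digit");
            n = n * 10 + (c - '0');
        }
        return n;
    }

    // Checked accumulate: reject before the multiply or the add can wrap.
    static long parseChecked(byte[] b) {
        if (b.length == 0) throw new NumberFormatException("empty");
        long n = 0;
        for (byte c : b) {
            if (c < '0' || c > '9') throw new NumberFormatException("non-digit");
            int d = c - '0';
            if (n > OVERFLOW_LIMIT
                    || (n == OVERFLOW_LIMIT && d > Long.MAX_VALUE % 10)) {
                throw new NumberFormatException("Content-Length exceeds long range");
            }
            n = n * 10 + d;
        }
        return n;
    }

    public static void main(String[] args) {
        // Constructed sample header values: one in range, one wider than 64 bits.
        String[] samples = {"1024", "18446744073709551617"};
        for (String s : samples) {
            byte[] raw = s.getBytes(StandardCharsets.US_ASCII);
            System.out.println(s + " unchecked -> " + parseUnchecked(raw));
            try {
                System.out.println(s + " checked   -> " + parseChecked(raw));
            } catch (NumberFormatException e) {
                System.out.println(s + " checked   -> rejected: " + e.getMessage());
            }
        }
    }
}
```
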
Vulnerable Product |
---|
apache tomcat 6.0.1 |
apache tomcat 6.0.10 |
apache tomcat 6.0.17 |
apache tomcat 6.0.18 |
apache tomcat 6.0.19 |
apache tomcat 6.0.27 |
apache tomcat 6.0.28 |
apache tomcat 6.0.35 |
apache tomcat 6.0.36 |
apache tomcat |
apache tomcat 6 |
apache tomcat 6.0.11 |
apache tomcat 6.0.12 |
apache tomcat 6.0.2 |
apache tomcat 6.0.29 |
apache tomcat 6.0.3 |
apache tomcat 6.0.37 |
apache tomcat 6.0.4 |
apache tomcat 6.0.8 |
apache tomcat 6.0.0 |
apache tomcat 6.0.15 |
apache tomcat 6.0.16 |
apache tomcat 6.0.24 |
apache tomcat 6.0.26 |
apache tomcat 6.0.32 |
apache tomcat 6.0.33 |
apache tomcat 6.0.6 |
apache tomcat 6.0.7 |
apache tomcat 6.0 |
apache tomcat 6.0.13 |
apache tomcat 6.0.14 |
apache tomcat 6.0.20 |
apache tomcat 6.0.30 |
apache tomcat 6.0.31 |
apache tomcat 6.0.5 |
apache tomcat 6.0.9 |
apache tomcat 8.0.0 |
apache tomcat 8.0.3 |
apache tomcat 8.0.1 |
apache tomcat 7.0.10 |
apache tomcat 7.0.11 |
apache tomcat 7.0.19 |
apache tomcat 7.0.2 |
apache tomcat 7.0.25 |
apache tomcat 7.0.26 |
apache tomcat 7.0.32 |
apache tomcat 7.0.33 |
apache tomcat 7.0.34 |
apache tomcat 7.0.4 |
apache tomcat 7.0.52 |
apache tomcat 7.0.0 |
apache tomcat 7.0.15 |
apache tomcat 7.0.16 |
apache tomcat 7.0.21 |
apache tomcat 7.0.22 |
apache tomcat 7.0.29 |
apache tomcat 7.0.3 |
apache tomcat 7.0.37 |
apache tomcat 7.0.38 |
apache tomcat 7.0.43 |
apache tomcat 7.0.44 |
apache tomcat 7.0.50 |
apache tomcat 7.0.6 |
apache tomcat 7.0.40 |
apache tomcat 7.0.47 |
apache tomcat 7.0.48 |
apache tomcat 7.0.9 |
apache tomcat 7.0.1 |
apache tomcat 7.0.17 |
apache tomcat 7.0.18 |
apache tomcat 7.0.23 |
apache tomcat 7.0.24 |
apache tomcat 7.0.30 |
apache tomcat 7.0.31 |
apache tomcat 7.0.39 |
apache tomcat 7.0.45 |
apache tomcat 7.0.46 |
apache tomcat 7.0.7 |
apache tomcat 7.0.8 |
apache tomcat 7.0.12 |
apache tomcat 7.0.13 |
apache tomcat 7.0.14 |
apache tomcat 7.0.20 |
apache tomcat 7.0.27 |
apache tomcat 7.0.28 |
apache tomcat 7.0.35 |
apache tomcat 7.0.36 |
apache tomcat 7.0.41 |
apache tomcat 7.0.42 |
apache tomcat 7.0.49 |
apache tomcat 7.0.5 |

Apache recently patched Tomcat, fixing a trio of information disclosure bugs and a denial of service bug in the open source web server and servlet container.
The denial of service bug, discovered in February by David Jorm of the Red Hat Security Response Team, could have allowed an attacker to create a malformed chunk size as part of a chunked request that would’ve allowed an unlimited amount of data to be streamed to the server. This would have bypassed the size limits enforced on a req...