The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache tomcat |
||
apache tomee 7.0.7 |
||
opensuse leap 15.1 |
||
netapp data availability services - |
||
netapp oncommand system manager |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |
||
oracle agile engineering data management 6.2.1.0 |
||
oracle agile plm 9.3.3 |
||
oracle agile plm 9.3.5 |
||
oracle agile plm 9.3.6 |
||
oracle communications instant messaging server 10.0.1.4.0 |
||
oracle health sciences empirica inspections 1.0.1.2 |
||
oracle health sciences empirica signal 7.3.3 |
||
oracle hospitality guest access 4.2.0 |
||
oracle hospitality guest access 4.2.1 |
||
oracle instantis enterprisetrack |
||
oracle mysql enterprise monitor |
||
oracle transportation management 6.3.7 |
||
oracle workload manager 12.2.0.1 |
||
oracle workload manager 18c |
||
oracle workload manager 19c |