CVE-2020-1935

CVSSv4: NA | CVSSv3: 4.8 | CVSSv2: 5.8 | VMScore: 580 | EPSS: 0.00732 | KEV: Not Included
Published: 24/02/2020 Updated: 21/11/2024

Vulnerability Summary

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

Vulnerable Products

apache tomcat

apache tomcat 9.0.0

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

canonical ubuntu linux 16.04

opensuse leap 15.1

netapp data availability services -

netapp oncommand system manager

oracle agile engineering data management 6.2.1.0

oracle agile product lifecycle management 9.3.3

oracle agile product lifecycle management 9.3.5

oracle agile product lifecycle management 9.3.6

oracle communications element manager 8.1.1

oracle communications element manager 8.2.0

oracle communications element manager 8.2.1

oracle communications instant messaging server 10.0.1.4.0

oracle health sciences empirica inspections 1.0.1.2

oracle health sciences empirica signal 7.3.3

oracle hospitality guest access 4.2.0

oracle hospitality guest access 4.2.1

oracle hyperion infrastructure technology 11.1.2.4

oracle instantis enterprisetrack

oracle mysql enterprise monitor

oracle retail order broker 15.0

oracle siebel ui framework

oracle transportation management 6.3.7

oracle workload manager 12.2.0.1

oracle workload manager 18c

oracle workload manager 19c

Vendor Advisories

Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 10 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1, for RHEL 6, RHEL 7 and Windows. Red Hat Product Security has rated this release as having a security impact of Importa ...
Synopsis: Low: tomcat security update. Type/Severity: Security Advisory: Low. Topic: An update for tomcat is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detai ...
Synopsis: Important: Red Hat JBoss Web Server 3.1 Service Pack 10 security update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat JBoss Web Server 3.1 for RHEL 6 and RHEL 7. Red Hat Product Security has rated this release as having a security impact of Important. A Comm ...
Synopsis: Important: Red Hat JBoss Web Server 5.3 release. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Web Server 5.3.0 zip release for RHEL 6, RHEL 7, RHEL 8 and Microsoft Windows is available. Red Hat Product Security has rated this release as having a security impact of Important. A Common ...
Synopsis: Important: Red Hat JBoss Web Server 5.3 release. Type/Severity: Security Advisory: Important. Topic: Updated Red Hat JBoss Web Server 5.3.0 packages are now available for Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, and Red Hat Enterprise Linux 8. Red Hat Product Security has rated this relea ...
Synopsis: Important: Red Hat support for Spring Boot 2.1.13 security and bug fix update. Type/Severity: Security Advisory: Important. Topic: An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vuln ...
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector (disabled by default in Debian). For the oldstable distribution (stretch), these problems have been fixed in version 8.5.54-0+deb9u1. We recommend that you upgrade your tomcat8 packages ...
Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector (disabled by default in Debian) or a man-in-the-middle attack against the JMX interface. For the stable distribution (buster), these problems have been fixed in version 9.0.31-1~deb10u1. The ...
A flaw was found in Apache Tomcat. The HTTP header parsing code used an approach to end-of-line (EOL) parsing that allowed some invalid HTTP headers to be parsed as valid. This led to the possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular m ...
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed, leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the inva ...
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Enc ...
Cosminexus Component Container contains the following vulnerabilities: CVE-2020-1935, CVE-2020-1938. Cosminexus Component Container - Redirector contains the following vulnerability: CVE-2020-1938. Affected products and versions are listed below. Please upgrade your version to the appropriate version. This vulnerability exists in Cosminexus C ...

References

CWE-444
https://nvd.nist.gov
https://access.redhat.com/errata/RHSA-2020:3305
https://www.first.org/epss
https://www.debian.org/security/2020/dsa-4673
https://www.debian.org/security/2020/dsa-4680
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html
https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/r80e9c8417c77d52c62809168b96912bda70ddf7748f19f8210f745b1%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/r9ce7918faf347e7aac32be930bf26c233b0b140fe37af0bb294158b6%40%3Cdev.tomcat.apache.org%3E
https://lists.apache.org/thread.html/ra5dee390ad2d60307b8362505c059cd6a726de4d146d63dfce1e05e7%40%3Cusers.tomcat.apache.org%3E
https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E
https://lists.apache.org/thread.html/rd547be0c9d821b4b1000a694b8e58ef9f5e2d66db03a31dfe77c4b18%40%3Cusers.tomcat.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html
https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html
https://security.netapp.com/advisory/ntap-20200327-0005/
https://usn.ubuntu.com/4448-1/
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/security-alerts/cpujan2021.html