The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:06
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-02-24 22:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-17569
Mitre link : CVE-2019-17569
CVE.ORG link : CVE-2019-17569
JSON object : View
Products Affected
netapp
- oncommand_system_manager
- data_availability_services
oracle
- workload_manager
- agile_engineering_data_management
- communications_instant_messaging_server
- health_sciences_empirica_signal
- mysql_enterprise_monitor
- transportation_management
- hospitality_guest_access
- agile_plm
- health_sciences_empirica_inspections
- instantis_enterprisetrack
apache
- tomcat
- tomee
opensuse
- leap
debian
- debian_linux
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')