Apache.Tomcat.Transfer.Encoding.Request.Smuggling
Description
This indicates detection of an HTTP Request Smuggling vulnerability in Apache Tomcat.
The vulnerability is due to improper handling of the Transfer-Encoding header of HTTP requests. A remote attacker may be able to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
Affected Products
Apache Tomcat 10.0.0-M1 to 10.0.6
Apache Tomcat 9.0.0.M1 to 9.0.46
Apache Tomcat 8.5.0 to 8.5.66
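A version check against the ranges listed above, as an added example that is not part of the original advisory. It assumes the version is read from an `Apache Tomcat/<version>` banner such as the `Server version:` line printed by Tomcat's `version.sh`; the function names and sample lines are constructed for illustration.

```python
import re

# Ranges copied from the "Affected Products" list on this page (inclusive).
AFFECTED_RANGES = [
    ("10.0.0-M1", "10.0.6"),
    ("9.0.0.M1", "9.0.46"),
    ("8.5.0", "8.5.66"),
]

# Tomcat milestones are written "10.0.0-M1" or "9.0.0.M1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")
_BANNER_RE = re.compile(r"Apache Tomcat/(\S+)")


def parse_version(text):
    """Return a sortable key; milestone builds sort before the plain release."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = match.groups()
    if milestone is None:
        return (int(major), int(minor), int(patch), 1, 0)
    return (int(major), int(minor), int(patch), 0, int(milestone))


def is_affected(version):
    """True only if version lies inside a range listed on this page.

    False means "not in the listed ranges", not "known to be safe".
    """
    key = parse_version(version)
    return any(parse_version(low) <= key <= parse_version(high)
               for low, high in AFFECTED_RANGES)


def check_banner(line):
    """Extract the version from an 'Apache Tomcat/<version>' banner and test it."""
    match = _BANNER_RE.search(line)
    if match is None:
        raise ValueError(f"no Tomcat banner in: {line!r}")
    return match.group(1), is_affected(match.group(1))


if __name__ == "__main__":
    # Constructed sample lines in the style of version.sh output.
    for sample in ("Server version: Apache Tomcat/9.0.46",
                   "Server version: Apache Tomcat/10.0.0-M5",
                   "Server version: Apache Tomcat/8.5.67"):
        print(check_banner(sample))
```

Versions outside the three listed branches return `False` because this page does not list them, so treat that result as "not covered here" and consult the vendor pages for those branches.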
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tomcat.apache.org/security-10.html
https://tomcat.apache.org/security-9.html
https://tomcat.apache.org/security-8.html
Version Updates
Date | Version | Detail |
---|---|---|
2022-12-02 | 0.00335 |