virus logo Web Application Security

Apache.Tomcat.Transfer.Encoding.Request.Smuggling

description-logoDescription

This indicates detection of a HTTP Request Smuggling vulnerability in Apache Tomcat.
The vulnerability is due to improper handling of the transfer-encoding header of HTTP requests. A remote attacker may be able to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.

affected-products-logoAffected Products

Apache Tomcat 10.0.0-M1 to 10.0.6
Apache Tomcat 9.0.0.M1 to 9.0.46
Apache Tomcat 8.5.0 to 8.5.66

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tomcat.apache.org/security-10.html https://tomcat.apache.org/security-9.html https://tomcat.apache.org/security-8.html

Version Updates

Date Version Detail
2022-12-02 0.00335

CVE References

CVE-2021-33037
ID 1090490148
Created Nov 30, 2022
Updated Nov 30, 2022
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action pass
Active
Affected OS Windows, Linux
Affected App Apache
Engine Version 5.0.0 or later