BIT-tomcat-2023-46589

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2023-46589.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-tomcat-2023-46589

Aliases

Published

2024-03-06T11:07:35.204Z

Modified

2026-03-20T12:49:41.581732Z

Summary

Apache Tomcat: HTTP request smuggling via malformed trailer headers

Details

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.15, from 9.0.0 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

Older, EOL versions may also be affected.

Users are recommended to upgrade to version 11.0.0 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

Affected packages

Bitnami / tomcat

Package

Name: tomcat
Purl: pkg:bitnami/tomcat

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.5.0

Fixed

8.5.96

Introduced

9.0.0

Fixed

9.0.83

Introduced

10.1.0

Fixed

10.1.16

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2023-46589.json"