Sam Shahsavar discovered that Apache Tomcat did not properly reject HTTP requests with an invalid Content-Length header. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "tomcat8-common": "8.5.39-1ubuntu1~18.04.3+esm1", "tomcat8-admin": "8.5.39-1ubuntu1~18.04.3+esm1", "tomcat8-user": "8.5.39-1ubuntu1~18.04.3+esm1", "libtomcat8-java": "8.5.39-1ubuntu1~18.04.3+esm1", "tomcat8": "8.5.39-1ubuntu1~18.04.3+esm1", "tomcat8-examples": "8.5.39-1ubuntu1~18.04.3+esm1", "libtomcat8-embed-java": "8.5.39-1ubuntu1~18.04.3+esm1", "tomcat8-docs": "8.5.39-1ubuntu1~18.04.3+esm1" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "tomcat9": "9.0.16-3ubuntu0.18.04.2+esm1", "tomcat9-user": "9.0.16-3ubuntu0.18.04.2+esm1", "libtomcat9-embed-java": "9.0.16-3ubuntu0.18.04.2+esm1", "tomcat9-docs": "9.0.16-3ubuntu0.18.04.2+esm1", "libtomcat9-java": "9.0.16-3ubuntu0.18.04.2+esm1", "tomcat9-examples": "9.0.16-3ubuntu0.18.04.2+esm1", "tomcat9-common": "9.0.16-3ubuntu0.18.04.2+esm1", "tomcat9-admin": "9.0.16-3ubuntu0.18.04.2+esm1" } ] }
{ "availability": "No subscription required", "binaries": [ { "tomcat9": "9.0.31-1ubuntu0.5", "tomcat9-user": "9.0.31-1ubuntu0.5", "libtomcat9-embed-java": "9.0.31-1ubuntu0.5", "tomcat9-docs": "9.0.31-1ubuntu0.5", "libtomcat9-java": "9.0.31-1ubuntu0.5", "tomcat9-examples": "9.0.31-1ubuntu0.5", "tomcat9-common": "9.0.31-1ubuntu0.5", "tomcat9-admin": "9.0.31-1ubuntu0.5" } ] }
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "tomcat9": "9.0.58-1ubuntu0.1+esm1", "tomcat9-user": "9.0.58-1ubuntu0.1+esm1", "libtomcat9-embed-java": "9.0.58-1ubuntu0.1+esm1", "tomcat9-docs": "9.0.58-1ubuntu0.1+esm1", "libtomcat9-java": "9.0.58-1ubuntu0.1+esm1", "tomcat9-examples": "9.0.58-1ubuntu0.1+esm1", "tomcat9-common": "9.0.58-1ubuntu0.1+esm1", "tomcat9-admin": "9.0.58-1ubuntu0.1+esm1" } ] }