First published: Mon Feb 24 2020(Updated: )
Apache Tomcat is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encoding HTTP header. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
Credit: security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/tomcat | <0:7.0.76-16.el7_9 | 0:7.0.76-16.el7_9 |
redhat/tomcat | <0:7.0.76-11.el7_6 | 0:7.0.76-11.el7_6 |
redhat/tomcat | <0:7.0.76-12.el7_7 | 0:7.0.76-12.el7_7 |
redhat/tomcat7 | <0:7.0.70-41.ep7.el6 | 0:7.0.70-41.ep7.el6 |
redhat/tomcat8 | <0:8.0.36-45.ep7.el6 | 0:8.0.36-45.ep7.el6 |
redhat/tomcat7 | <0:7.0.70-41.ep7.el7 | 0:7.0.70-41.ep7.el7 |
redhat/tomcat8 | <0:8.0.36-45.ep7.el7 | 0:8.0.36-45.ep7.el7 |
redhat/jws5-tomcat | <0:9.0.30-3.redhat_4.1.el6 | 0:9.0.30-3.redhat_4.1.el6 |
redhat/jws5-tomcat-native | <0:1.2.23-4.redhat_4.el6 | 0:1.2.23-4.redhat_4.el6 |
redhat/jws5-tomcat | <0:9.0.30-3.redhat_4.1.el7 | 0:9.0.30-3.redhat_4.1.el7 |
redhat/jws5-tomcat-native | <0:1.2.23-4.redhat_4.el7 | 0:1.2.23-4.redhat_4.el7 |
redhat/jws5-tomcat | <0:9.0.30-3.redhat_4.1.el8 | 0:9.0.30-3.redhat_4.1.el8 |
redhat/jws5-tomcat-native | <0:1.2.23-4.redhat_4.el8 | 0:1.2.23-4.redhat_4.el8 |
IBM IBM® Engineering Requirements Management DOORS | <=9.7.2.7 | |
IBM IBM® Engineering Requirements Management DOORS Web Access | <=9.7.2.7 | |
redhat/tomcat | <9.0.31 | 9.0.31 |
redhat/tomcat | <8.5.51 | 8.5.51 |
redhat/tomcat | <7.0.100 | 7.0.100 |
ubuntu/tomcat8 | <8.0.32-1ubuntu1.13 | 8.0.32-1ubuntu1.13 |
ubuntu/tomcat9 | <9.0.31-1 | 9.0.31-1 |
debian/tomcat9 | 9.0.31-1~deb10u6 9.0.31-1~deb10u12 9.0.43-2~deb11u9 9.0.43-2~deb11u10 9.0.70-2 | |
Apache Tomcat | >=7.0.0<=7.0.99 | |
Apache Tomcat | >=8.5.0<=8.5.50 | |
Apache Tomcat | >=9.0.0<=9.0.30 | |
Apache Tomcat | =9.0.0 | |
Apache Tomcat | =9.0.0-milestone1 | |
Apache Tomcat | =9.0.0-milestone10 | |
Apache Tomcat | =9.0.0-milestone11 | |
Apache Tomcat | =9.0.0-milestone12 | |
Apache Tomcat | =9.0.0-milestone13 | |
Apache Tomcat | =9.0.0-milestone14 | |
Apache Tomcat | =9.0.0-milestone15 | |
Apache Tomcat | =9.0.0-milestone16 | |
Apache Tomcat | =9.0.0-milestone17 | |
Apache Tomcat | =9.0.0-milestone18 | |
Apache Tomcat | =9.0.0-milestone19 | |
Apache Tomcat | =9.0.0-milestone2 | |
Apache Tomcat | =9.0.0-milestone20 | |
Apache Tomcat | =9.0.0-milestone21 | |
Apache Tomcat | =9.0.0-milestone22 | |
Apache Tomcat | =9.0.0-milestone23 | |
Apache Tomcat | =9.0.0-milestone24 | |
Apache Tomcat | =9.0.0-milestone25 | |
Apache Tomcat | =9.0.0-milestone26 | |
Apache Tomcat | =9.0.0-milestone27 | |
Apache Tomcat | =9.0.0-milestone3 | |
Apache Tomcat | =9.0.0-milestone4 | |
Apache Tomcat | =9.0.0-milestone5 | |
Apache Tomcat | =9.0.0-milestone6 | |
Apache Tomcat | =9.0.0-milestone7 | |
Apache Tomcat | =9.0.0-milestone8 | |
Apache Tomcat | =9.0.0-milestone9 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Canonical Ubuntu Linux | =16.04 | |
openSUSE Leap | =15.1 | |
Netapp Data Availability Services | ||
NetApp OnCommand System Manager | >=3.0.0<=3.1.3 | |
Oracle Agile Engineering Data Management | =6.2.1.0 | |
Oracle Agile Product Lifecycle Management | =9.3.3 | |
Oracle Agile Product Lifecycle Management | =9.3.5 | |
Oracle Agile Product Lifecycle Management | =9.3.6 | |
Oracle Communications Element Manager | =8.1.1 | |
Oracle Communications Element Manager | =8.2.0 | |
Oracle Communications Element Manager | =8.2.1 | |
Oracle Communications Instant Messaging Server | =10.0.1.4.0 | |
Oracle Health Sciences Empirica Inspections | =1.0.1.2 | |
Oracle Health Sciences Empirica Signal | =7.3.3 | |
Oracle Hospitality Guest Access | =4.2.0 | |
Oracle Hospitality Guest Access | =4.2.1 | |
Oracle Hyperion Infrastructure Technology | =11.1.2.4 | |
Oracle Instantis Enterprisetrack | >=17.1<=17.3 | |
Oracle Mysql Enterprise Monitor | >=4.0.0<=4.0.12 | |
Oracle Mysql Enterprise Monitor | >=8.0.0<=8.0.20 | |
Oracle Retail Order Broker | =15.0 | |
Oracle Siebel Ui Framework | <=20.5 | |
Oracle Transportation Management | =6.3.7 | |
Oracle Workload Manager | =12.2.0.1 | |
Oracle Workload Manager | =18c | |
Oracle Workload Manager | =19c |
Workaround for Red Hat Satellite 6 is to add iptables rule to deny TCP requests of Tomcat that are not originating from the Satellite. For other Red Hat products, either mitigation isn't available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)