Apache Tomcat HTTP Request Smuggling Vulnerability (Jul 2021) - Linux
Summary
Apache Tomcat is prone to an HTTP request smuggling vulnerability.
Insight
Apache Tomcat does not correctly parse the HTTP Transfer-Encoding request header in some circumstances, which can allow request smuggling when Tomcat is used with a reverse proxy. Specifically: Tomcat incorrectly ignores the Transfer-Encoding header if the client declared it would only accept an HTTP/1.0 response; Tomcat honours the identity encoding; and Tomcat does not ensure that, if present, the chunked encoding is the final encoding.
Affected Software
Apache Tomcat 8.5.x through 8.5.66, 9.0.0.M1 through 9.0.46 and 10.0.0-M1 through 10.0.6.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Update to version 8.5.68, 9.0.48, 10.0.7 or later.