A refactoring in Tomcat introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
CVE-2019-17569 - incorrect transfer-encoding handling
Severity
4.8
Project
Apache Tomcat & Apache TomEE
Versions affected
Apache Tomcat
Tomcat 6.x
All
Tomcat 7.x
7.0.0 to 7.0.99
Tomcat 8.0.x
All
Tomcat 8.5.x
8.5.0 to 8.5.50
Tomcat 9.x
9.0.0.M1 to 9.0.0.30
Apache TomEE
TomEE 1.7.x
All
TomEE 7.0.x
7.0.0-M1 to 7.0.7
TomEE 7.1.x
7.1.0 to 7.1.2
TomEE 8.0.x
8.0.0-M1 to 8.0.1
Feel Vulnerable?
Contact us so we can help you.
* These fields are required.
* These fields are required.
