GHSA-f2gq-p6qv-ccw4

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f2gq-p6qv-ccw4/GHSA-f2gq-p6qv-ccw4.json
Aliases
  • CVE-2005-2090
Published
2022-05-01T02:04:54Z
Modified
2023-09-18T23:42:52Z
Details

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."

References

Affected packages

Maven / org.apache.tomcat:tomcat

Source Details

Package Name
org.apache.tomcat:tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Last affected
5.0.19

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}

Maven / org.apache.tomcat:tomcat

Source Details

Package Name
org.apache.tomcat:tomcat

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.0.0
Last affected
4.1.24

Ecosystem specific

{
    "affected_functions": [
        ""
    ]
}