OESA-2021-1275
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1275
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2021-1275.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2021-1275
- Upstream
- Published
- 2021-07-24T11:03:04Z
- Modified
- 2025-09-03T06:17:25.464614Z
- Summary
- tomcat security update
- Details
-
The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project
Security Fix(es):
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.(CVE-2021-33037)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP1 / tomcat
Package
- Name
- tomcat
- Purl
- pkg:rpm/openEuler/tomcat&distro=openEuler-20.03-LTS-SP1