CVE-2019-17569
published 2020-02-24
medium 4.8 CVSS 3.1
AV:N AC:H PR:N UI:N S:U C:L I:L A:N
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.
Affected
29 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | apache_tomcat | — | — |
| apache | apache_tomcat | — | — |
| apache | apache_tomcat | — | — |
| apache | tomcat | — | — |
| apache | tomcat | 7.0.98 – 7.0.99 | — |
| apache | tomcat | 8.5.48 – 8.5.50 | — |
| apache | tomcat | 9.0.28 – 9.0.30 | — |
| apache | tomee | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | tomcat9 | < tomcat9 9.0.31-1 (bookworm) | tomcat9 9.0.31-1 (bookworm) |
| netapp | oncommand_system_manager | 3.0.0 – 3.1.3 | — |
| opensuse | leap | — | — |
| oracle | agile_engineering_data_management | — | — |
| oracle | agile_plm | — | — |
| oracle | agile_plm | — | — |
| oracle | agile_plm | — | — |
| oracle | communications_instant_messaging_server | — | — |
| oracle | health_sciences_empirica_inspections | — | — |
| oracle | health_sciences_empirica_signal | — | — |
| oracle | hospitality_guest_access | — | — |
| oracle | hospitality_guest_access | — | — |
| oracle | instantis_enterprisetrack | 17.1 – 17.3 | — |
| oracle | mysql_enterprise_monitor | <= 4.0.12 | — |
| oracle | mysql_enterprise_monitor | 8.0.0 – 8.0.20 | — |
CVSS provenance
nvd v3.1 4.8 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
osv 4.8 MEDIUM