Apache Tomcat is a lightweight Web application server from the Apache Foundation. The program implements support for Servlet and JavaServer Page (JSP). Apache Tomcat has an environment problem vulnerability that stems from the fact that Tomcat may have a request smuggling problem (Request Smuggling) when the rejectIllegalHeader is set to false. No details of the vulnerability are currently available.

CPENameOperatorVersion
Apache Tomcat >=8.5.0，le8.5.52
Apache Tomcat >=9.0.0，lt9.0.68
Apache Tomcat >=10.0.0，lt10.0.27
Apache Tomcat >=10.1.0，lt10.1.1

Name	Operator	Version
Apache Tomcat >=8.5.0，	le	8.5.52
Apache Tomcat >=9.0.0，	lt	9.0.68
Apache Tomcat >=10.0.0，	lt	10.0.27
Apache Tomcat >=10.1.0，	lt	10.1.1

cve 1

tomcat 4

kaspersky 3

nessus 23

openvas 10

veracode 1

ibm 15

atlassian 2

nvd 1

redhatcve 1

prion 1

cvelist 1

github 1

osv 5

ubuntucve 1

freebsd 1

f5 1

debiancve 1

photon 4

redhat 2

debian 2

gentoo 1

mageia 1

rosalinux 1

oracle 3

cve

CVE-2022-42252

2022-11-01 09:15:10

tomcat

Fixed in Apache Tomcat 9.0.68

2022-10-07 00:00:00

Fixed in Apache Tomcat 10.0.27

2022-10-10 00:00:00

Fixed in Apache Tomcat 10.1.1

2022-10-11 00:00:00

kaspersky

KLA20034 SB vulnerability in Apache Tomcat

2022-10-10 00:00:00

KLA20032 SB vulnerability in Apache Tomcat

2022-10-07 00:00:00

KLA20033 SB vulnerability in Apache Tomcat

2022-10-11 00:00:00

nessus

Apache Tomcat 10.1.0.M1 < 10.1.1

2022-11-02 00:00:00

Amazon Linux 2 : tomcat (ALASTOMCAT8.5-2023-002)

2023-09-27 00:00:00

Apache Tomcat 9.0.0.M1 < 9.0.68

2022-11-03 00:00:00

openvas

Huawei EulerOS: Security Advisory for tomcat (EulerOS-SA-2023-1341)

2023-02-09 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:4303-1)

2022-12-02 00:00:00

Apache Tomcat Request Smuggling Vulnerability (Oct 2022) - Linux

2022-11-02 00:00:00

veracode

HTTP Request Smuggling

2022-11-02 05:50:14

ibm

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . CVE-2022-42252

2023-02-01 21:30:29

Security Bulletin: Vulnerability in Apache Tomcat affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products

2023-03-29 01:48:02

Security Bulletin: Apache Tomcat is vulnerable to HTTP request smuggling (CVE-2022-42252)

2022-12-19 19:41:58

atlassian

Request Smuggling org.apache.tomcat:tomcat-coyote in Confluence Data Center and Server

2023-11-03 00:45:41

Request Smuggling org.apache.tomcat:tomcat-coyote Dependency in Jira Software Data Center and Server

2023-12-14 07:45:36

nvd

CVE-2022-42252

2022-11-01 09:15:10

redhatcve

CVE-2022-42252

2022-11-09 14:26:30

prion

Cross site request forgery (csrf)

2022-11-01 09:15:00

cvelist

CVE-2022-42252 Apache Tomcat request smuggling via malformed content-length

2022-11-01 00:00:00

github

Apache Tomcat may reject request containing invalid Content-Length header

2022-11-01 12:00:30

osv

Apache Tomcat may reject request containing invalid Content-Length header

2022-11-01 12:00:30

CVE-2022-42252

2022-11-01 09:15:10

BIT-tomcat-2022-42252

2024-03-06 11:09:09

ubuntucve

CVE-2022-42252

2022-11-01 00:00:00

freebsd

Tomcat -- Request Smuggling

2022-10-31 00:00:00

K000133224 : Apache Tomcat vulnerability CVE-2022-42252

2023-03-28 00:00:00

debiancve

CVE-2022-42252

2022-11-01 09:15:10

photon

Important Photon OS Security Update - PHSA-2023-0314

2023-01-17 00:00:00

Important Photon OS Security Update - PHSA-2023-4.0-0314

2023-01-17 00:00:00

Important Photon OS Security Update - PHSA-2023-0518

2023-01-19 00:00:00

redhat

(RHSA-2023:1664) Low: Red Hat JBoss Web Server 5.7.2 release and security update

2023-04-12 12:28:51

(RHSA-2023:1663) Low: Red Hat JBoss Web Server 5.7.2 release and security update

2023-04-12 12:21:17

debian

[SECURITY] [DLA 3384-1] tomcat9 security update

2023-04-05 19:47:04

[SECURITY] [DSA 5381-1] tomcat9 security update

2023-04-05 20:07:07

gentoo

Apache Tomcat: Multiple Vulnerabilities

2023-05-30 00:00:00

mageia

Updated tomcat packages fix security vulnerability

2023-04-15 22:03:44

rosalinux

Advisory ROSA-SA-2023-2258

2023-10-21 16:49:43

oracle

Oracle Critical Patch Update Advisory - January 2023

2023-01-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Oracle Critical Patch Update Advisory - April 2023

2023-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.002 Low

EPSS

Percentile

64.8%

JSON

Related for CNVD-2022-74082