Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-F2GQ-P6QV-CCW4
HistoryMay 01, 2022 - 2:04 a.m.

Tomcat Vulnerable to Web Cache Poisoning

2022-05-0102:04:54
GitHub Advisory Database
github.com
13

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.972 High

EPSS

Percentile

99.8%

JSON

Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a “Transfer-Encoding: chunked” header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka “HTTP Request Smuggling.”

Affected configurations

Vulners
Node
org.apache.tomcat\Matchtomcat
OR
org.apache.tomcat\Matchtomcat

References

Related

cve 2
cert 1
nessus 24
f5 2
veracode 2
tomcat 6
osv 2
cvelist 2
nvd 2
seebug 3
securityvulns 2
ubuntucve 1
debiancve 1
github 1
prion 1
openvas 12
freebsd 1
redhat 7
vmware 2
fedora 2
centos 1
oraclelinux 1
ibm 2
cve
cve
CVE-2005-2090
2005-07-05 04:00:00
CVE-2013-4286
2014-02-26 14:55:08
cert
cert
Single crafted HTTP request may result in multiple responses
2005-02-04 00:00:00
nessus
nessus
Apache Tomcat 5.0.x <= 5.0.30 / 5.5.x < 5.5.23 Content-Length HTTP Request Smuggling
2011-11-18 00:00:00
Apache Tomcat 7.0.0 < 7.0.47 multiple vulnerabilities
2019-01-11 00:00:00
Apache Tomcat 8.0.0 < 8.0.0-RC3 multiple vulnerabilities
2024-05-23 00:00:00
f5
f5
SOL16828 - Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
K16828 : Apache Tomcat vulnerability CVE-2005-2090
2015-07-02 00:00:00
veracode
veracode
HTTP Request Smuggling
2018-11-13 06:55:19
Request-smuggling Attacks
2019-01-15 08:59:20
tomcat
tomcat
Fixed in Apache Tomcat 5.5.23, 5.0.SVN
2007-03-09 00:00:00
Fixed in Apache Tomcat 6.0.11
2005-06-30 00:00:00
Fixed in Apache Tomcat 8.0.0-RC3
2013-09-23 00:00:00
osv
osv
Tomcat Vulnerable to Web Cache Poisoning
2022-05-01 02:04:54
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
cvelist
cvelist
CVE-2005-2090
2005-06-30 04:00:00
CVE-2013-4286
2014-02-26 11:00:00
nvd
nvd
CVE-2005-2090
2005-07-05 04:00:00
CVE-2013-4286
2014-02-26 14:55:08
seebug
seebug
Apache Tomcat 安全限制绕过漏洞
2014-02-26 00:00:00
Apache Tomcat不完整修复信息泄漏漏洞
2014-02-27 00:00:00
Mac OS X 2007-007更新修复多个安全漏洞
2007-08-02 00:00:00
securityvulns
securityvulns
[SECURITY] CVE-2013-4286 Incomplete fix for CVE-2005-2090 &#40;Information disclosure&#41;
2014-02-28 00:00:00
CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities &#40;Updated - v1.1&#41;
2009-01-28 00:00:00
ubuntucve
ubuntucve
CVE-2013-4286
2014-02-26 00:00:00
debiancve
debiancve
CVE-2013-4286
2014-02-26 14:55:00
github
github
Apache Tomcat is vulnerable to HTTP request-smuggling
2022-05-14 01:10:36
prion
prion
Design/Logic Flaw
2014-02-26 14:55:00
openvas
openvas
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
FreeBSD Ports: apache-tomcat
2008-09-04 00:00:00
Fedora Update for Pound FEDORA-2014-13777
2014-11-12 00:00:00
freebsd
freebsd
tomcat -- multiple vulnerabilities
2007-04-27 00:00:00
redhat
redhat
(RHSA-2007:0360) Important: jbossas security update
2007-05-24 00:00:00
(RHSA-2007:0328) Important: tomcat security update
2007-05-24 00:00:00
(RHSA-2007:0327) Important: tomcat security update
2007-05-14 00:00:00
vmware
vmware
Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
2008-01-07 00:00:00
Updated Tomcat and Java JRE packages for VirtualCenter 2.5, VirtualCenter 2.0.2, ESX 3.5, ESX 3.0.2, and ESX 3.0.1.
2008-01-07 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: Pound-2.6-8.fc19
2014-11-07 02:38:03
[SECURITY] Fedora 20 Update: Pound-2.6-8.fc20
2014-11-12 02:45:18
centos
centos
jakarta, tomcat5 security update
2007-05-14 22:49:09
oraclelinux
oraclelinux
Important: tomcat security update
2007-06-26 00:00:00
ibm
ibm
Security Bulletin: Security vulnerabilities in Apache Tomcat for WebSphere Application Server Community Edition 2.1.1.6 and 3.0.0.4(CVE-2013-4286,CVE-2012-3544,CVE-2013-4322,CVE-2013-4590,CVE-2014-0033)
2018-06-15 07:01:06
Security Bulletin: Rational Lifecycle Adapter for HP ALM Apache Tomcat fix (CVE-2013-4286, CVE-2014-0033, CVE-2013-4322, CVE-2013-4590, CVE-2014-0075, CVE-2014-0095, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119)
2018-06-17 04:55:05

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.972 High

EPSS

Percentile

99.8%

JSON
Related for GHSA-F2GQ-P6QV-CCW4
cve2cert1nessus24f52veracode2tomcat6osv2cvelist2nvd2seebug3securityvulns2ubuntucve1debiancve1github1prion1openvas12freebsd1redhat7vmware2fedora2centos1oraclelinux1ibm2