ELSA-2020-5020

Published: 12 Nov 2020
Source: oracle-oval
Platform: Oracle Linux 7

Description

ELSA-2020-5020: tomcat security update (LOW)

[0:7.0.76-16]

  • Resolves: rhbz#1814315 CVE-2020-1935 tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling

Updated packages

Oracle Linux 7

Oracle Linux aarch64

  tomcat                    7.0.76-16.el7_9
  tomcat-admin-webapps      7.0.76-16.el7_9
  tomcat-docs-webapp        7.0.76-16.el7_9
  tomcat-el-2.2-api         7.0.76-16.el7_9
  tomcat-javadoc            7.0.76-16.el7_9
  tomcat-jsp-2.2-api        7.0.76-16.el7_9
  tomcat-jsvc               7.0.76-16.el7_9
  tomcat-lib                7.0.76-16.el7_9
  tomcat-servlet-3.0-api    7.0.76-16.el7_9
  tomcat-webapps            7.0.76-16.el7_9

Oracle Linux x86_64

  tomcat                    7.0.76-16.el7_9
  tomcat-admin-webapps      7.0.76-16.el7_9
  tomcat-docs-webapp        7.0.76-16.el7_9
  tomcat-el-2.2-api         7.0.76-16.el7_9
  tomcat-javadoc            7.0.76-16.el7_9
  tomcat-jsp-2.2-api        7.0.76-16.el7_9
  tomcat-jsvc               7.0.76-16.el7_9
  tomcat-lib                7.0.76-16.el7_9
  tomcat-servlet-3.0-api    7.0.76-16.el7_9
  tomcat-webapps            7.0.76-16.el7_9

Related CVEs

Related vulnerabilities

CVSS3: 4.8
ubuntu
more than 5 years ago

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

CVSS3: 4.3
redhat
more than 5 years ago

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

CVSS3: 4.8
nvd
more than 5 years ago

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

CVSS3: 4.8
debian
more than 5 years ago

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...

CVSS3: 4.8
github
more than 5 years ago

Potential HTTP request smuggling in Apache Tomcat