Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-1935

Опубликовано: 24 фев. 2020
Источник: ubuntu
Приоритет: low
EPSS Низкий
CVSS2: 5.8
CVSS3: 4.8

Описание

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

eoan

DNE

esm-apps/bionic

needs-triage

esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

needs-triage

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

DNE

eoan

DNE

esm-apps/bionic

needs-triage

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

not-affected

8.0.32-1ubuntu1.13
focal

DNE

groovy

DNE

hirsute

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

9.0.31-1
eoan

ignored

end of life
esm-apps/bionic

needs-triage

esm-apps/focal

not-affected

9.0.31-1
esm-apps/jammy

not-affected

9.0.31-1
esm-apps/noble

not-affected

9.0.31-1
esm-infra-legacy/trusty

DNE

focal

not-affected

9.0.31-1
groovy

not-affected

9.0.31-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 76%
0.01022
Низкий

5.8 Medium

CVSS2

4.8 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-1935

CVSS3: 4.3
redhat
больше 5 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

nvd логотип

CVE-2020-1935

CVSS3: 4.8
nvd
больше 5 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

debian логотип

CVE-2020-1935

CVSS3: 4.8
debian
больше 5 лет назад

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...

github логотип

GHSA-qxf4-chvg-4r8r

CVSS3: 4.8
github
больше 5 лет назад

Potential HTTP request smuggling in Apache Tomcat

oracle-oval логотип

ELSA-2020-5020

oracle-oval
больше 4 лет назад

ELSA-2020-5020: tomcat security update (LOW)

EPSS

Процентиль: 76%
0.01022
Низкий

5.8 Medium

CVSS2

4.8 Medium

CVSS3