VYPR
Moderate severityNVD Advisory· Published Feb 24, 2020· Updated Aug 5, 2024

CVE-2019-17569

CVE-2019-17569

Description

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 7.0.98, < 7.0.1007.0.100
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 8.5.48, < 8.5.518.5.51
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 9.0.28, < 9.0.319.0.31
org.apache.tomcat:tomcatMaven
>= 7.0.98, < 7.0.1007.0.100
org.apache.tomcat:tomcatMaven
>= 8.5.48, < 8.5.518.5.51
org.apache.tomcat:tomcatMaven
>= 9.0.28, < 9.0.319.0.31

Affected products

28

Patches

Vulnerability mechanics

References

16

News mentions

0

No linked articles in our index yet.