VYPR
Moderate severityNVD Advisory· Published Feb 24, 2020· Updated Aug 4, 2024

CVE-2020-1935

CVE-2020-1935

Description

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat.embed:tomcat-embed-coreMaven
< 7.0.1007.0.100
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 8.0.0, < 8.5.518.5.51
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 9.0.0, < 9.0.319.0.31
org.apache.tomcat:tomcatMaven
< 7.0.1007.0.100
org.apache.tomcat:tomcatMaven
>= 8.0.0, < 8.5.518.5.51
org.apache.tomcat:tomcatMaven
>= 9.0.0, < 9.0.319.0.31

Affected products

28

Patches

Vulnerability mechanics

References

31

News mentions

0

No linked articles in our index yet.